security for wireless voice devies

Unanswered Question
Mar 5th, 2007

Hi,

what is the highest secuirty that we can provide to the wireless phones which are communication with VOICE SSID.

pl help me with configuration for Autonomous AP's.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
rob.huffman Wed, 03/07/2007 - 06:33

Hi Srihari,

At this time the security solutions available on the Cisco 7920 Wireless IP Phone are wired equivalent privacy (WEP) and LEAP (part of the 802.1X architecture).

For a wireless voice deployment, Cisco recommends the following security solutions:

Strong passwords and unique logins for wireless voice

Separation of data and voice VLANs

Separation between wireless voice usernames and passwords and wired equivalents

Cisco recommends that all wireless voice deployments eventually use LEAP. While it is common for new deployments to use static WEP in order to solve any installation problems before adding LEAP, static WEP should be used only during the installation period.

When a deployment begins to use LEAP, Cisco recommends using strong passwords, which contain a minimum of 10 characters comprising uppercase and lowercase letters as well as special characters such as *&%$#@?!. Strong passwords are generally not easy to enter into the phone and therefore are usually stored locally on the phone. These passwords are hidden and cannot be seen.

From this good doc;

Wireless Voice Security Recommendations

http://www.cisco.com/en/US/products/hw/phones/ps379/prod_technical_reference09186a00802c4910.html

Hope this helps!

Rob

srihari_rgda Wed, 03/07/2007 - 07:23

Hi Rob,

Thanks for the response.

I have one more query, when we enable security on voice there may be some delay in reassociating with next AP. i.e. during user roaming from one AP to other user will not feel the delay in re-associating, re-authenticating etc.

Regards

Srihari

ERNIE DULANOWSKY Wed, 03/07/2007 - 07:36

I believe that WPA can be used with the most recent release of 7290 firmware. I've just done an installation that uses this.

One issue that arose was that the WLC had to be configured from CLI to get the correct setting - none of the config we tried from web GUI or WCS would work.

Actions

This Discussion