Best Config for Voice WLAN on WLC 4400 with 7920phones

Answered Question
Oct 25th, 2007
User Badges:

hi,


i need some help. whats the best known configuration for a voice wlan with 7920 IP Phones?


my config is following:

Radio Policy: 802.11b/g only

Admin Status Enabled

Session Timeout (secs): 0

Quality of Service (QoS): Platinum (voice)

WMM Policy: Disabled

7920 Phone Support:

- no Client CAC Limit

- no AP CAC Limit


Broadcast SSID: disabled

Aironet IE: Enabled

Allow AAA Override: Enabled

Client Exclusion: Enabled **

- Timeout Value (secs): 60

DHCP Server: Override disabled

DHCP Addr. Assignment: Required


MFP Version Required: 1

MFP Signature Generation: enabled

H-REAP Local Switching: disabled


Layer2 Security: WPA-TKIP PSK


is that ok?


thx for your help...

Correct Answer by migilles about 9 years 9 months ago

If planning to enable TKIP with the 7920, recommend to reduce the TKIP countermeasure holdoff time to 0, which can be done via the controller CLI "config wlan security tkip hold-down ".


7920 doesn't support MFP, but is only supported currently with AES, which also 7920 doesn't support.


Would recommend using 4.1.185.0 on the WLC and 3.02 on the 7920.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
migilles Fri, 10/26/2007 - 17:42
User Badges:
  • Cisco Employee,

If planning to enable TKIP with the 7920, recommend to reduce the TKIP countermeasure holdoff time to 0, which can be done via the controller CLI "config wlan security tkip hold-down ".


7920 doesn't support MFP, but is only supported currently with AES, which also 7920 doesn't support.


Would recommend using 4.1.185.0 on the WLC and 3.02 on the 7920.

migilles Fri, 10/26/2007 - 17:44
User Badges:
  • Cisco Employee,

Oh by the way. Do NOT enable DHCP required. This can cause big issues.

If the client session is terminated, then the client must re-DHCP in order for the WLC to start forwarding traffic again. If 7920 is on call, it will not re-DHCP until the call is ended. If in idle, will have to exhaust the 90 second CallManager keepalive timoeut. So highly recommended to disable this for the voice vlan.

elkono200 Mon, 10/29/2007 - 04:06
User Badges:

hi migilles,


my wlc version doesnt support this command "config wlan security tkip hold-down "


seems that is a newer cmd.


thx

migilles Mon, 10/29/2007 - 08:53
User Badges:
  • Cisco Employee,

Think maybe it was implemented in 4.1 code.

Would recommend 4.1.185.0.

elkono200 Mon, 11/05/2007 - 02:07
User Badges:

hi migilles,


i disabled DHCP required and MFP.


now its working fine.

thx for your help



Actions

This Discussion