Does Cisco IP Phone 7921G support WPA2+AES+PKC? I know it supports WPA2+AES, but documentation is not clear if it supports PKC.
Or do I _have to_ use WPA+TKIP+CCKM to support fast secure roaming in CUWN environment?
VoWLAN design guide 4.1 recommends using WPA+TKIP+CCKM. Is that because the phone doesn't support PKC? Is that going to change?
The 7921/7925 gives precedence to the strongest key-management then cipher, so if you have WPA2+AES enabled, then will not use CCKM as that combo is not supported as mentioned in the previous post. We do send the key info but only after successfully associated to an AP previously. This implementation is more inline with OKC vs PKC, which is not supported on the WLC.
So currently there is no supported fast roaming mechanism with WPA2 using the WLAN controller and the 7921/7925.
If you like you can bring this topic up to your local Cisco account team to discuss further.
No PKC is not supported. The only fast roaming method supported today is CCKM, which is with WPA(TKIP) or 802.1x(WEP). WPA2+CCKM is being investigated.