Securing Voice WLAN

Unanswered Question
Jun 22nd, 2009

Can anyone help for securing voice WLAN?

I want dedicated voice traffic flow in specific vlan no data traffic . Data traffic must drop if it is going through voice vlan.

Can we use CA Certificate + PEAP +WPA +WPA 2 Authentication in 7925 Cisco IP Phone ?

Current Scenario: We have used 2 SSID ,for Voice and data.

Voice SSID authentication

WPA + AES + EAP-FAST +MAC Authentication

Data SSID authentication


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
dancampb Tue, 06/23/2009 - 08:16

I would suggest using WPA1+TKIP+CCKM for the voice WLAN. The 792x phones do not support PMK with AES so you will be doing a full reauth at every roam. With CCKM you will get the fast roaming.

geetsingh22 Thu, 06/25/2009 - 22:01

Can we able to use PEAP+CA certificate in voice WLAN authentication.

how can i configure dedicated voice traffic in voice wlan.

here we have a problem as few user using the voice cridential and login to the network through the laptop

migilles Sun, 06/28/2009 - 23:34

Yes, in our deployment guides, it explains how to import a certificate in order to server validation when using PEAP.

As far as WPA vs WPA2, as mentioned, currently the 792xG does not support a fast roaming method with WPA2(AES), but supports CCKM with WPA(TKIP). Looking at adding the CCX v5 feaure of WPA2+CCKM in a future release, but not committed at this time.

dancampb Fri, 06/26/2009 - 04:45

Sure, you can use PEAP.

As far as only allowing phones on the voice WLAN you could use Radius attributes to keep laptops from being able to use that WLAN. Looks at either dynamic VLAN assignments, dynamic ACL, or using the DNAR to specify SSID.


This Discussion