Securing Voice WLAN

geetsingh22 · ‎06-22-2009

Can anyone help for securing voice WLAN?

I want dedicated voice traffic flow in specific vlan no data traffic . Data traffic must drop if it is going through voice vlan.

Can we use CA Certificate + PEAP +WPA +WPA 2 Authentication in 7925 Cisco IP Phone ?

Current Scenario: We have used 2 SSID ,for Voice and data.

Voice SSID authentication

WPA + AES + EAP-FAST +MAC Authentication

Data SSID authentication

WPA + WPA2 +AES + PEAP

dancampb · ‎06-23-2009

I would suggest using WPA1+TKIP+CCKM for the voice WLAN. The 792x phones do not support PMK with AES so you will be doing a full reauth at every roam. With CCKM you will get the fast roaming.

geetsingh22 · ‎06-25-2009

Can we able to use PEAP+CA certificate in voice WLAN authentication.

how can i configure dedicated voice traffic in voice wlan.

here we have a problem as few user using the voice cridential and login to the network through the laptop

Leo Laohoo · ‎06-24-2009

Hope this helps.

Cisco Unified Wireless IP Phone 7921G Deployment Guide

www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7921g/6_0/english/deployment/guide/7921dply.pdf

Cisco Unified Wireless IP Phone 7925G Deployment Guide

www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7925g/7_0/english/deployment/guide/7925dply.pdf

migilles · ‎06-28-2009

Yes, in our deployment guides, it explains how to import a certificate in order to server validation when using PEAP.

As far as WPA vs WPA2, as mentioned, currently the 792xG does not support a fast roaming method with WPA2(AES), but supports CCKM with WPA(TKIP). Looking at adding the CCX v5 feaure of WPA2+CCKM in a future release, but not committed at this time.

dancampb · ‎06-26-2009

Sure, you can use PEAP.

As far as only allowing phones on the voice WLAN you could use Radius attributes to keep laptops from being able to use that WLAN. Looks at either dynamic VLAN assignments, dynamic ACL, or using the DNAR to specify SSID.