Voice over WLAN - a challenging technology
Voice over WLAN (VoWLAN) is one of the most challenging technologies that Cisco provides. For VoWLAN to work satisfactorily - especially in the high-stress environments in which it is deployed, such as healthcare - the network, and the phone, must be able consistently to transport a real-time, bidirectional, securely encrypted audio stream, with almost no dropouts, while the endpoint moves across four dimensions (space and frequency).
This document explains how to get 792x wireless phones (7921G, 7925G, 7926G) to work well in a Cisco Unified Wireless Network.
Seven basic guidelines to making VoWLAN work well
Though delivering a reliable VoWLAN service is difficult, it is possible, provided that the network provider adheres to the following basic design guidelines.
1. Have solid coverage in 5GHz - and lock your phones to 802.11a
Your network's ability to perform is fundamentally dependent on a solid physical layer. VoWLAN uses both the 2.4GHz and 5GHz bands. Of these, the 2.4GHz band's lower frequency signals carry further - however, the constrained bandwidth (only three non-overlapping channels) and ever increasing interference, render 2.4GHz, in most cases, unsuitable for reliable voice. Network providers who want to deliver a reliable VoWLAN service will ensure that their design adheres to the following standard:
Every spot in the coverage area is serviced by at least two viable 5GHz access points, at -67dBm or stronger.
You can easily validate the necessary coverage by setting your phone into site survey mode, and walking throughout your coverage area.
Additionally, AP placement, antenna selection, building construction, etc. must be such that multipath distortion is kept to a minumum. To ensure gap-free roaming, a moving phone must be able to hear each roamed-to AP at least 5 seconds before it needs to roam to it - so place all APs in the middle of halls, at corridor junctions, etc., rather than in blind spots.
2. Run 1.4.3 or above - nothing earlier
The 1.4.2 firmware introduced a greatly improved scanning and roaming algorithm in the 792x phones. 1.4.3 introduces other critical fixes. If you are experiencing audio problems with your phones - never, ever run any firmware prior to 1.4.3.
Be aware that, for newer hardware revisions of the 792x phones, it is not possible to run any firmware prior to 1.4(3)SR1 - see the release notes. Therefore, for new or RMAd phones, you can't run the old firmware, even if you want to.
3. Best to have access points in local mode, not Flexconnect (H-REAP) local switching
If using FlexConnect (H-REAP) local switching, watch out for the following:
- CSCtz31572 HREAP local switching - ARP , broadcast key on standalone transition (affects 7.0 prior to 220.127.116.11 and all 7.2)
- CSCul15555 FlexConnect AP - decryption errors after CCKM roaming (affects all releases)
Other reasons to avoid FlexConnect for 792x phones are:
- Flex local switching does not support ARP caching (i.e. the AP cannot ARP on behalf of the wireless clients to the LAN.) Therefore, ARP is unreliable, and battery lifetime on the phones is impaired. (This limitation will be addressed via CSCty04398, in 8.0.)
- Fast Secure Roaming via CCKM is supported only among APs within the same FlexConnect group. As the number of APs within a Flex group is limited (for example, on the 5508 WLC, to 25 APs), FlexConnect is not suited to large deployments.
If your WAN link between the APs and the WLC is high latency, unreliable, or low bandwidth, then consider installing a WLC at the site where the phones are.
4. Use WPA2/AES EAP/CCKM or static WEP - beware TKIP and PSK
WPA2/AES Enterprise with CCKM is the recommended security scheme for 792x phones - it is the most secure method, and provides for the fastest roaming times. You may use Local Authentication on the WLC, if you do not want to use an external RADIUS server. (When using CCKM, use the WLC command "config wlan security wpa akm cckm timestamp-tolerance 5000" to increase the likelihood of performing a fast roam.) (Also see the CCKM Client Disconnect Bugs in 7.0/7.2 tip.)
If security is not a concern, then static WEP will work well.
Avoid TKIP which is susceptible to MIC error triggered service interruptions.
With 7925G phones, avoid WPA/WPA2 Preshared Key (PSK.) This is because the 7925G phones suffer from the following problem, which intermittently prevents WPA key exchanges from completing:
CSCtt38270 7925 sometimes takes 1+ second to respond to WPA M1 key message
This bug does not affect 7921G or 7926G phones. It will not be fixed for the 7925G; if you must use PSK with 7925G, you can mitigate the impact to some extent with: config advanced eap eapol-key-timeout 250
Warning: the RM3000AC 802.11ac modules for the AP3600 do not support CCKM, and are not supported for use with 792x phones. Having these modules enabled will cause problems for roaming - workaround: enable both TKIP and AES on the voice WLAN (which will keept the SSID from being enabled on the 11ac module) - track CSCui67756 and CSCuh82417 for a fix, expected in the 7.6 AireOS release.
5. Optimize channels, power, and data rates
- use at least 8 channels (if available in your regulatory domain)
- use channels from UNII-1 (36-48), UNII-2 (52-64), UNII-2 Extended (100-140), and/or UNII-3 (149-161 but not 165)
- if coverage is weak, avoid channels with lower power limits
- if radar detection is frequent, avoid the DFS channels (UNII-2, UNII-2 extended)
- in 5GHz, use a minimum power level of at least 11dBm
- in all 5GHz deployments but the very densest ones, you can simply set a power level of 1 (maximum)
- data rates:
- set 6Mbps as the lowest mandatory rate, be sure that 12 and 24Mbps are enabled
- remember to make any changes on all WLCs in the RF group
6. Enable continuous scan mode (in CUCM)
If 792x users roam from AP to AP frequently, then continuous scan mode should be enabled; however idle battery life can be reduced to some extent. (A fresh battery should still last an 8-hour shift.) Without continuous scan mode, the AP may be intermittently associated to an AP with a weak signal, which may have an rare impact on incoming calls and pages.
7. Configure all QoS, and everything else, exactly as documented in the 7925 DG
Go through the entire 7925G Deployment Guide, and configure the phones and the wireless network as per its recommendations. In particular, make sure that all QoS configurations are set as per best practice, throughout your wireless and wired network.
With strict adherence to every single one of the above guidelines, there is a high probability that your VoWLAN service will meet your clients' performance expectations.