Wireless Security - Cisco Unified Communications 500 Series - Cisco Smart Business Communication Systems

Document

Nov 24, 2008 12:14 AM
Nov 24th, 2008

Cisco UC500 Wireless Security Features

A UC520 with an integrated AP can be used in order to provide WiFi coverage if the desired service area is within the vicinity of the physical UC520 unit. This option is optimal for a small office environment that installs the UC520 as a desktop unit.

The integrated Autonomous Access Point on the UC520 supports the following Authentication and the Encryption Types.

Authentication Types

Authentication types supported on the UC520 using the Cisco Configuration Assistant

open

open-eap

network-eap

wpa-psk

For generic information on understanding authentication types please refer to the following link (Note: Not all the authentication types are supported with the integrated Access Point)

Understanding Authentication Types

Encryption Types

Encryption types supported on the UC520 using the Cisco Configuration Assistant

wep

dynamic wep

tkip

aes ccmp

aes ccm

Understanding Encryption Types

Configuration Example for UC520 Integrated AP using WEP security and open authentication

The UC520 router ships with a factory default configuration that has the configuration for the integrated AP already set to use uc520-voice as the SSID with open authentication and no encryption.

In these steps, you delete the factory configured WiFi settings and re-configure the router to use WEP security and open authentication.

CCA Configuration Example

Complete these steps:

1. Launch the Cisco Configuration Assistant (CCA) application.

2. Choose Configure > Wireless > WLANs (SSIDs).

The window below launches:

Sbcs_7921_wp-4.gif

3. Highlight the entry with the SSID of uc520-voice, and delete it.

4. Click on Create button in order to create a new SSID.

The window below launches:

Sbcs_7921_wp-5.gif

5. Enter a suitable name for the SSID.

The example shown here does not have the SSID broadcasted. You can choose to have the SSID broadcast based upon your network deployment preferences.

6. Choose WEP from the Security menu.

7. Enter a suitable pass phrase, choose 128bit for Key1, and then click Generate.

8. Note the WEP key.

You can generate up to four keys. This example only shows one key.

Corresponding Cisco IOS Configuration (Note: Configuration is done via CCA)

Cisco IOS Configuration Example This is a snippet of the running configuration from the UC500 router:


dot11 ssid uc520-data

  vlan 1

  authentication open

dot11 ssid vowlsbcs

  vlan 100

  authentication open


ip dhcp pool phone

  network 10.1.1.0 255.255.255.0

  default-router 10.1.1.1

  option 150 ip 10.1.1.1

ip dhcp pool data

  import all

  network 192.168.10.0 255.255.255.0

  default-router 192.168.10.1

  dns-server 63.203.35.55

interface Dot11Radio0/5/0

no ip address

encryption vlan 100 key 1 size 128bit 0 DCAC25F262782B84384A938ACE

transmit-key

encryption vlan 100 mode wep mandatory

ssid uc520-data

ssid vowlsbcs

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0

48.0 54.0

station-role root

interface Dot11Radio0/5/0.1

encapsulation dot1Q 1 native

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

interface Dot11Radio0/5/0.100

encapsulation dot1Q 100

bridge-group 100

bridge-group 100 subscriber-loop-control

bridge-group 100 spanning-disabled

bridge-group 100 block-unknown-source

no bridge-group 100 source-learning

no bridge-group 100 unicast-flooding


interface Vlan1

no ip address

bridge-group 1

bridge-group 1 spanning-disabled

interface Vlan100

no ip address

bridge-group 100

bridge-group 100 spanning-disabled


interface BVI1

ip address 192.168.10.1 255.255.255.0

ip access-group 102 in

ip nat inside

ip virtual-reassembly

interface BVI100

ip address 10.1.1.1 255.255.255.0

ip access-group 103 in

ip nat inside

ip virtual-reassembly

Configuration of the Cisco 7921 Phone

On the Cisco 7921 phone, navigate to these menus and configure as recommended (Note: To go to the config mode on any of the appropriate sub-menus press "**#" to unlock and change to appropriate value:

1. Settings > Network profiles > profile1 > network configuration > DHCP enabled: Yes

2. Settings > Network profiles > profile1 > WLAN configuration > SSID: vowlsbcs

3. Settings > Network profiles > profile1 > WLAN configuration > 802.11 Mode: Auto-RSSI

4. Settings > Network profiles > profile1 > WLAN configuration > Security Mode: Open-WEP

5. Settings > Network profiles > profile1 > WLAN configuration > Key style: Hex

6. Settings > Network profiles > profile1 > WLAN configuration > Static WEP key1: < key>

Useful Links

Configuring the Cisco 7920 Wireless IP Phone with WEP Keys, VLANs, and LEAP

Average Rating: 0 (0 ratings)

Actions

Login or Register to take actions

This Document

Posted November 24, 2008 at 12:14 AM
Stats:
Comments:0 Avg. Rating:0
Views:3415 Contributors:0
Shares:0

Related Content

Documents Leaderboard