Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
4401
Views
0
Helpful
0
Comments

Wireless Security - Cisco Unified Communications 500 Series - Cisco Smart Business Communication Systems

SBCS-Expert
Level 4
Level 4

on ‎11-24-2008 12:14 AM

Cisco UC500 Wireless Security Features

A UC520 with an integrated AP can be used in order to provide WiFi coverage if the desired service area is within the vicinity of the physical UC520 unit. This option is optimal for a small office environment that installs the UC520 as a desktop unit.

The integrated Autonomous Access Point on the UC520 supports the following Authentication and the Encryption Types.

Authentication Types

Authentication types supported on the UC520 using the Cisco Configuration Assistant

open

open-eap

network-eap

wpa-psk

For generic information on understanding authentication types please refer to the following link (Note: Not all the authentication types are supported with the integrated Access Point)

Understanding Authentication Types

Encryption Types

Encryption types supported on the UC520 using the Cisco Configuration Assistant

wep

dynamic wep

tkip

aes ccmp

aes ccm

Understanding Encryption Types

Configuration Example for UC520 Integrated AP using WEP security and open authentication

The UC520 router ships with a factory default configuration that has the configuration for the integrated AP already set to use uc520-voice as the SSID with open authentication and no encryption.

In these steps, you delete the factory configured WiFi settings and re-configure the router to use WEP security and open authentication.

CCA Configuration Example

Complete these steps:

1. Launch the Cisco Configuration Assistant (CCA) application.

2. Choose Configure > Wireless > WLANs (SSIDs).

The window below launches:

Sbcs_7921_wp-4.gif

3. Highlight the entry with the SSID of uc520-voice, and delete it.

4. Click on Create button in order to create a new SSID.

The window below launches:

Sbcs_7921_wp-5.gif

5. Enter a suitable name for the SSID.

The example shown here does not have the SSID broadcasted. You can choose to have the SSID broadcast based upon your network deployment preferences.

6. Choose WEP from the Security menu.

7. Enter a suitable pass phrase, choose 128bit for Key1, and then click Generate.

8. Note the WEP key.

You can generate up to four keys. This example only shows one key.

Corresponding Cisco IOS Configuration (Note: Configuration is done via CCA)

Cisco IOS Configuration Example This is a snippet of the running configuration from the UC500 router:


dot11 ssid uc520-data

  vlan 1
  authentication open

dot11 ssid vowlsbcs

  vlan 100
  authentication open


ip dhcp pool phone

  network 10.1.1.0 255.255.255.0
  default-router 10.1.1.1
  option 150 ip 10.1.1.1

ip dhcp pool data

  import all
  network 192.168.10.0 255.255.255.0
  default-router 192.168.10.1
  dns-server 63.203.35.55

interface Dot11Radio0/5/0

no ip address
encryption vlan 100 key 1 size 128bit 0 DCAC25F262782B84384A938ACE
 transmit-key
encryption vlan 100 mode wep mandatory
ssid uc520-data
ssid vowlsbcs
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0
 48.0 54.0
station-role root

interface Dot11Radio0/5/0.1

encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding

interface Dot11Radio0/5/0.100

encapsulation dot1Q 100
bridge-group 100
bridge-group 100 subscriber-loop-control
bridge-group 100 spanning-disabled
bridge-group 100 block-unknown-source
no bridge-group 100 source-learning
no bridge-group 100 unicast-flooding


interface Vlan1

no ip address
bridge-group 1
bridge-group 1 spanning-disabled

interface Vlan100

no ip address
bridge-group 100
bridge-group 100 spanning-disabled


interface BVI1

ip address 192.168.10.1 255.255.255.0
ip access-group 102 in
ip nat inside
ip virtual-reassembly

interface BVI100

ip address 10.1.1.1 255.255.255.0
ip access-group 103 in
ip nat inside
ip virtual-reassembly

Configuration of the Cisco 7921 Phone

On the Cisco 7921 phone, navigate to these menus and configure as recommended (Note: To go to the config mode on any of the appropriate sub-menus press "**#" to unlock and change to appropriate value:

1. Settings > Network profiles > profile1 > network configuration > DHCP enabled: Yes

2. Settings > Network profiles > profile1 > WLAN configuration > SSID: vowlsbcs

3. Settings > Network profiles > profile1 > WLAN configuration > 802.11 Mode: Auto-RSSI

4. Settings > Network profiles > profile1 > WLAN configuration > Security Mode: Open-WEP

5. Settings > Network profiles > profile1 > WLAN configuration > Key style: Hex

6. Settings > Network profiles > profile1 > WLAN configuration > Static WEP key1: < key>

Useful Links

Configuring the Cisco 7920 Wireless IP Phone with WEP Keys, VLANs, and LEAP

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents