Cisco UC500 Wireless Security Features
A UC520 with an integrated AP can be used in order to provide WiFi coverage if the desired service area is within the vicinity of the physical UC520 unit. This option is optimal for a small office environment that installs the UC520 as a desktop unit.
The integrated Autonomous Access Point on the UC520 supports the following Authentication and the Encryption Types.
Authentication Types
Authentication types supported on the UC520 using the Cisco Configuration Assistant
open
open-eap
network-eap
wpa-psk
For generic information on understanding authentication types please refer to the following link (Note: Not all the authentication types are supported with the integrated Access Point)
Understanding Authentication Types
Encryption Types
Encryption types supported on the UC520 using the Cisco Configuration Assistant
wep
dynamic wep
tkip
aes ccmp
aes ccm
Understanding Encryption Types
Configuration Example for UC520 Integrated AP using WEP security and open authentication
The UC520 router ships with a factory default configuration that has the configuration for the integrated AP already set to use uc520-voice as the SSID with open authentication and no encryption.
In these steps, you delete the factory configured WiFi settings and re-configure the router to use WEP security and open authentication.
CCA Configuration Example
Complete these steps:
1. Launch the Cisco Configuration Assistant (CCA) application.
2. Choose Configure > Wireless > WLANs (SSIDs).
The window below launches:
3. Highlight the entry with the SSID of uc520-voice, and delete it.
4. Click on Create button in order to create a new SSID.
The window below launches:
5. Enter a suitable name for the SSID.
The example shown here does not have the SSID broadcasted. You can choose to have the SSID broadcast based upon your network deployment preferences.
6. Choose WEP from the Security menu.
7. Enter a suitable pass phrase, choose 128bit for Key1, and then click Generate.
8. Note the WEP key.
You can generate up to four keys. This example only shows one key.
Corresponding Cisco IOS Configuration (Note: Configuration is done via CCA)
Cisco IOS Configuration Example This is a snippet of the running configuration from the UC500 router:
dot11 ssid uc520-data
vlan 1
authentication open
dot11 ssid vowlsbcs
vlan 100
authentication open
ip dhcp pool phone
network 10.1.1.0 255.255.255.0
default-router 10.1.1.1
option 150 ip 10.1.1.1
ip dhcp pool data
import all
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 63.203.35.55
interface Dot11Radio0/5/0
no ip address
encryption vlan 100 key 1 size 128bit 0 DCAC25F262782B84384A938ACE
transmit-key
encryption vlan 100 mode wep mandatory
ssid uc520-data
ssid vowlsbcs
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0
48.0 54.0
station-role root
interface Dot11Radio0/5/0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0/5/0.100
encapsulation dot1Q 100
bridge-group 100
bridge-group 100 subscriber-loop-control
bridge-group 100 spanning-disabled
bridge-group 100 block-unknown-source
no bridge-group 100 source-learning
no bridge-group 100 unicast-flooding
interface Vlan1
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
interface Vlan100
no ip address
bridge-group 100
bridge-group 100 spanning-disabled
interface BVI1
ip address 192.168.10.1 255.255.255.0
ip access-group 102 in
ip nat inside
ip virtual-reassembly
interface BVI100
ip address 10.1.1.1 255.255.255.0
ip access-group 103 in
ip nat inside
ip virtual-reassembly
Configuration of the Cisco 7921 Phone
On the Cisco 7921 phone, navigate to these menus and configure as recommended (Note: To go to the config mode on any of the appropriate sub-menus press "**#" to unlock and change to appropriate value:
1. Settings > Network profiles > profile1 > network configuration > DHCP enabled: Yes
2. Settings > Network profiles > profile1 > WLAN configuration > SSID: vowlsbcs
3. Settings > Network profiles > profile1 > WLAN configuration > 802.11 Mode: Auto-RSSI
4. Settings > Network profiles > profile1 > WLAN configuration > Security Mode: Open-WEP
5. Settings > Network profiles > profile1 > WLAN configuration > Key style: Hex
6. Settings > Network profiles > profile1 > WLAN configuration > Static WEP key1: < key>
Useful Links
Configuring the Cisco 7920 Wireless IP Phone with WEP Keys, VLANs, and LEAP