The Cisco 7920 Wireless IP Phone supports both Static Wired Equivalent Privacy (WEP) and Cisco LEAP for authentication and data encryption. If either encryption model is used, both the signaling (Skinny Client Control Protocol, or SCCP) and media (RTP) are encrypted between the Cisco 7920 phone and the AP.
Static WEP requires that a 40-bit or 128-bit key be entered manually on all of the Cisco 7920 phones as well as the APs. It performs AP-based authentication by verifying that the accessing device (in this case, the Cisco 7920 phone) has a matching key.
LEAP allows devices (such as the Cisco 7920 phone and AP) to be authenticated mutually (phone-to-AP and AP-to-phone) based on a user name and password. Upon authentication, a dynamic key is used between the Cisco 7920 phone and the AP to encrypt traffic.
If LEAP is used, a LEAP-compliant RADIUS server, such as the Cisco Access Control Server (ACS), is required to provide access to the user database. The Cisco ACS can either store the user name and password database locally, or it can access that information from an external Microsoft Windows NT directory.
When using LEAP, ensure that strong passwords are used on all wireless devices. Strong passwords are defined as being between 10 and 12 characters long and can include both uppercase and lowercase characters as well as the special characters * & % $ # @.
Because most users save their passwords on the phone, Cisco recommends that you use different user names and passwords on data clients and wireless voice clients. This practice helps with tracking and troubleshooting as well as security.