I'm getting ready to deploy some 7920's and want to make sure I've got some decent security. What I'd like to do is combine mac address security with a userid/password unique to the phone. (or I could live with a common one for all phones but I don't want to) I'm looking for the best security so that if some part of it is comprimised I don't have to pull all the phones back from around the country to reset id's, keys or whatever.
As best I can tell combining mac address with userid/password authentication is probably the best way to go. I've got WPA on the phones working but I'm trying to figure out how to add the mac address part. Does anyone know of a good document on the subject?
I've got various 1100/1200/1300 AP's with an ACS 3.3 server on the back end.
You are going to require an identity to login to the phone. If that user leaves the company then you can disable that account. You maintain a list of MAC accounts for authentication. If a phone is lost or stolen, remove that account from the ACS server. The usernames will only be permitted to authenticate to the designated voice ssid in the company. And finally those usernames can't be used to authenticate on other ssids within the company.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...