Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Securing Voice WLAN

Can anyone help for securing voice WLAN?

I want dedicated voice traffic flow in specific vlan no data traffic . Data traffic must drop if it is going through voice vlan.

Can we use CA Certificate + PEAP +WPA +WPA 2 Authentication in 7925 Cisco IP Phone ?

Current Scenario: We have used 2 SSID ,for Voice and data.

Voice SSID authentication

WPA + AES + EAP-FAST +MAC Authentication

Data SSID authentication

WPA + WPA2 +AES + PEAP

5 REPLIES
Gold

Re: Securing Voice WLAN

I would suggest using WPA1+TKIP+CCKM for the voice WLAN. The 792x phones do not support PMK with AES so you will be doing a full reauth at every roam. With CCKM you will get the fast roaming.

New Member

Re: Securing Voice WLAN

Can we able to use PEAP+CA certificate in voice WLAN authentication.

how can i configure dedicated voice traffic in voice wlan.

here we have a problem as few user using the voice cridential and login to the network through the laptop

Hall of Fame Super Gold

Re: Securing Voice WLAN

Hope this helps.

Cisco Unified Wireless IP Phone 7921G Deployment Guide

www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7921g/6_0/english/deployment/guide/7921dply.pdf

Cisco Unified Wireless IP Phone 7925G Deployment Guide

www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7925g/7_0/english/deployment/guide/7925dply.pdf

Cisco Employee

Re: Securing Voice WLAN

Yes, in our deployment guides, it explains how to import a certificate in order to server validation when using PEAP.

As far as WPA vs WPA2, as mentioned, currently the 792xG does not support a fast roaming method with WPA2(AES), but supports CCKM with WPA(TKIP). Looking at adding the CCX v5 feaure of WPA2+CCKM in a future release, but not committed at this time.

Gold

Re: Securing Voice WLAN

Sure, you can use PEAP.

As far as only allowing phones on the voice WLAN you could use Radius attributes to keep laptops from being able to use that WLAN. Looks at either dynamic VLAN assignments, dynamic ACL, or using the DNAR to specify SSID.

276
Views
0
Helpful
5
Replies
CreatePlease to create content