Specifications

ManualsBrandsCisco ManualsComputer equipment7921

Cisco Unified Wireless IP Phone 7921G Series Deployment Guide 1

Cisco Unified Wireless IP Phone 7921G

Deployment Guide

The Cisco Unified Wireless IP Phone 7921G is adaptable for all mobile professionals, from users on the move within an office

environment to nurses and doctors in a healthcare environment to associates working in the warehouse, on the sales floor, or in

a call center. Staff, nurses, doctors, educators, and IT personnel can be easily reached when mobile.

This guide provides information and guidance to help the network administrator deploy these phones in a wireless LAN

environment.

Summary of content (113 pages)

PAGE 1
Cisco Unified Wireless IP Phone 7921G Deployment Guide The Cisco Unified Wireless IP Phone 7921G is adaptable for all mobile professionals, from users on the move within an office environment to nurses and doctors in a healthcare environment to associates working in the warehouse, on the sales floor, or in a call center. Staff, nurses, doctors, educators, and IT personnel can be easily reached when mobile.
PAGE 2
Revision History Date Comments 02/28/2007 Initial Version 03/16/2008 1.0(5) Release 10/13/2008 1.1(1) and 1.2(1) Releases 11/17/2009 1.3(3) Release 5/3/2010 1.3(4) Release 12/15/2010 1.
PAGE 3
Contents Requirements for the Cisco Unified Wireless IP Phone 7921G ............................................................................................................ 6 Site Survey............................................................................................................................................................................................... 6 RF Validation ..........................................................................................................
PAGE 4
Traffic Classification (TCLAS) ............................................................................................................................................................. 27 Roaming ................................................................................................................................................................................................... 28 Interband Roaming .......................................................................................
PAGE 5
Configuring the Cisco Unified Wireless IP Phone 7921G ................................................................................................................... 67 Configuring the Network Profile Parameters ....................................................................................................................................... 68 Installing Certificates..............................................................................................................................
PAGE 6
Requirements for the Cisco Unified Wireless IP Phone 7921G The Cisco Unified Wireless IP Phone 7921G is an IEEE 802.11a/b/g wireless IP phone that provides voice communications. The wireless LAN must be validated to ensure it meets the requirements to deploy the Cisco Unified Wireless IP Phone 7921G. Site Survey Before deploying the Cisco Unified Wireless IP Phone 7921G into a production environment, a site survey must be completed by a Cisco certified partner with the advanced wireless LAN specialization.
PAGE 7
Cisco Spectrum Expert AirMagnet (Survey, WiFi Analyzer, VoFi Analyzer, Spectrum Analyzer) Cisco Wireless Control System (WCS) for Unified Wireless LAN management Call Control For call control, the Cisco Unified Wireless IP Phone 7921G supports only Skinny Client Control Protocol (SCCP) on the following applications: • Cisco Unified Communications Manager 4.1, 4.2, 4.3, 5.0, 5.1, 6.0, 6.1, 7.0, 7.1, 8.0 and later • Cisco Unified Communications Manager Express 4.1, 4.2, 4.3 and later (Minimum of 12.
PAGE 8
• Cisco Unified Wireless LAN Controller Minimum = 5.2.193.0 Recommended = 7.0.98.0 or later • Cisco IOS Access Points (Autonomous) Minimum = 12.3(8)JEA2 or later Recommended = 12.4(10b)JA3 or later (does not apply to 1100, 1200, 1230) Note: VoWLAN is not currently supported in conjunction with outdoor MESH technology (1500 series). 3rd party access points are not supported, as there is no interoperability testing performed against 3rd party access points.
PAGE 9
The table below lists the modes that are supported by each Cisco access point. Cisco AP Series 802.11a 802.11b 802.11g 802.
PAGE 10
Please refer to the following URL for the list of supported antennas and how these external antennas should be mounted. http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/product_data_sheet09186a008008883b.html 3rd party antennas are not supported, as there is no interoperability testing performed against 3rd party antennas including Distributed Antenna Systems (DAS) and Leaky Coaxial Systems.
PAGE 11
World Mode (802.11d) If using the Cisco Unified Wireless IP Phone 7921G World (-W) model, then it is required to enable 802.11d. The Cisco Unified Wireless IP Phone 7921G gives precedence to 802.11d to determine the channels and transmit powers to use and inherits its client configuration from the associated access point. Enable World Mode (802.11d) for the corresponding country where the access point is located. If 802.
PAGE 12
Germany (DE) New Zealand (NZ) Ukraine (UA) Gibraltar (GI) Norway (NO) United Arab Emirates (AE) Greece (GR) Oman (OM) United Kingdom (GB) Hong Kong (HK) Panama (PA) United States (US Hungary (HU) Iceland (IS) Peru (PE) Phillipines (PH) Venezuela (VE) Vietnam (VN) Note: Compliance information is available on the Cisco Product Approval Status web site at the following URL: http://tools.cisco.com/cse/prdapp/jsp/externalsearch.
PAGE 13
48 Mbps 328 ft (100 m) -76 dBm 54 Mbps 295 ft (90 m) -74 dBm 802.11g Data Rate Range Receiver Sensitivity Max Tx Power is 16 dBm 6 Mbps 722 ft (220 m) -90 dBm 9 Mbps 656 ft (200 m) -89 dBm 12 Mbps 623 ft (190 m) -87 dBm 18 Mbps 623 ft (190 m) -85 dBm 24 Mbps 623 ft (190 m) -82 dBm 36 Mbps 492 ft (150 m) -78 dBm 48 Mbps 410 ft (125 m) -74 dBm 54 Mbps 394 ft (120 m) -73 dBm 802.
PAGE 14
Encryption • AES (Advanced Encryption Scheme) • TKIP / MIC (Temporal Key Integrity Protocol / Message Integrity Check) • WEP (40-bit and 128-bit Wired Equivalent Protocol) Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling (EAP-FAST) This client server security architecture encrypts EAP transactions within a Transport Level Security (TLS) tunnel between the access point and the Remote Authentication Dial-in User Service (RADIUS) server such as the Cisco Access Control Se
PAGE 15
If anonymous PAC provisioning is not allowed in the product wireless LAN environment then a staging Cisco ACS can be setup for initial PAC provisioning of the Cisco Unified Wireless IP Phone 7921G. This requires that the staging ACS server be setup as a slave EAP-FAST server and components are replicated from the product master EAP-FAST server, which include user and group database and EAP-FAST master key and policy info.
PAGE 16
Extensible Authentication Protocol – Transport Layer Security (EAP-TLS) Extensible Authentication Protocol Transport Layer Security (EAP-TLS) is using the TLS protocol with PKI to secure communications to the authentication server. TLS provides a way to use certificates for both user and server authentication and for dynamic session key generation. Either the internal Manufacturing Installed Certificate (MIC) or a user installed certificate can be used for authentication.
PAGE 17
See the “Installing Certificates” section for more information. Protected Extensible Authentication Protocol (PEAP) Protected Extensible Authentication Protocol (PEAP) uses server-side public key certificates to authenticate clients by creating an encrypted SSL/TLS tunnel between the client and the authentication server. The ensuing exchange of authentication information is then encrypted and user credentials are safe from eavesdropping.
PAGE 18
PEAP (MS-CHAPv2) requires that a user account be created on the authentication server. In release 1.2(1), the authentication server can be validated via importing a certificate into the Cisco Unified Wireless IP Phone 7921G. See the “Installing Certificates” section for more information. Cisco Centralized Key Management (CCKM) When using 802.1x type authentication, it is recommended to implement CCKM to enable fast roaming. 802.
PAGE 19
EAP-FAST 802.1x, WPA, WPA2 AES, TKIP, WEP (40 or 128 bit) EAP-TLS 802.1x, WPA, WPA2 AES, TKIP, WEP (40 or 128 bit) PEAP 802.1x, WPA, WPA2 AES, TKIP, WEP (40 or 128 bit) LEAP 802.1x, WPA, WPA2 AES, TKIP, WEP (40 or 128 bit) AKM 802.1x, WPA, WPA2 AES, TKIP, WEP (40 or 128 bit) CCKM was not supported with WPA2 in release 1.3(3) or earlier. WPA Version Cipher Prior to 1.3(4) 1.
PAGE 20
Voice Security The Cisco Unified Wireless IP Phone 7921G supports the following voice security features.
PAGE 21
Idle 150 200 If the access point does not support CCX or proxy ARP is not enabled, then the idle battery life will be up to fifty percent less. See the “Configuring Proxy ARP” section for more information. Protocols Unscheduled Auto Power Save Delivery (U-APSD) The Cisco Unified Wireless IP Phone 7921G will use U-APSD (Unscheduled Auto Power Save Delivery) for power save when in idle mode or when a phone call is active if WMM is enabled, where U-APSD is supported. U-APSD helps optimize battery life.
PAGE 22
Delivery Traffic Indicator Message (DTIM) Increasing the DTIM period can also increase the battery life. The Cisco Unified Wireless IP Phone 7921G can use the DTIM period to schedule wakeup periods to check for broadcast and multicast packets as well as any unicast packets. For optimal battery life and performance, we recommend setting the DTIM period to “2” with a beacon period of “100 ms”. The DTIM period is a tradeoff between battery life and multicast performance.
PAGE 23
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/port/7_1_2/CCM_7.1.2PortList.pdf Configuring QoS in Cisco Unified Communications Manager The SCCP DSCP values are configured in the Cisco Unified Communications Manager enterprise parameters. Cisco Unified Communications Manager uses the default value of CS3 to have devices set the DSCP marking for SCCP packets as shown in the Enterprise Parameters Configuration page.
PAGE 24
service-policy output Voice Configuring Cisco Switch Ports Configure the Cisco access point switch ports and uplink switch ports for DSCP trust. mls qos ! interface X mls qos trust dscp Note: When using the Cisco Unified Wireless LAN Controller, DSCP trust must be implemented or trust the UDP data ports used by the Cisco Unified Wireless LAN Controller (LWAPP = 12222 and 12223; CAPWAP = 5246 and 5247) on all interfaces where wireless packets will traverse to ensure QoS markings are correctly set.
PAGE 25
class-map match-all RTP match access-group name RTP ! policy-map Voice class RTP set dscp ef ! class SCCP set dscp cs3 ! interface X service-policy input Voice service-policy output Voice Sample Voice Packet Capture This packet capture below shows that RTP packets bound for the Cisco Unified IP Phone 7921G over the air should be marked with DSCP = EF and UP = 6.
PAGE 26
Call Admission Control Inbound and outbound call admission control can be enabled on the access point. • Enable Call Admission Control / Wi-Fi MultiMedia Traffic Specifications (TSPEC) • Set the desired maximum RF bandwidth that is allocated for voice traffic (default = 75%) • Set the bandwidth that is reserved for roaming clients (default = 6%) The minimum PHY rate can be configured for which the phone is to use when Call Admission Control (CAC) is enabled.
PAGE 27
refused, there is no messaging from the Cisco Unified Wireless IP Phone 7921G Series to inform the remote endpoint that there is insufficient bandwidth to establish the call, so the call can continue to ring out within the system until the remote user terminates the call.
PAGE 28
TCP and UDP port information will be used to set the UP (User Priority) value. The previous method of classification depends upon preservation of DSCP value throughout the network, where the DSCP value maps to a particular queue (BE, BK, VI, VO). However, the DSCP values are not always preserved as this can be viewed as a security risk. TCLAS is supported in the Cisco Unified Wireless LAN Controller release 5.1.151.0 and later.
PAGE 29
where the user may experience choppy audio with the weak signal, followed up with a small second audio gap before looking for the least preferred band. Then once it has failed over to a less preferred band (i.e. associated to 802.11b/g when phone configured for Auto-a), there was no mechanism in place to check to see if the preferred band is available again or not in order to roam back to the preferred band.
PAGE 30
Designing the Wireless LAN for Voice The following network design guidelines must be followed in order to accommodate for adequate coverage, call capacity and seamless roaming for the Cisco Unified Wireless IP Phone 7921G. For more information about these topics, refer to the “VoWLAN Design Recommendations” chapter in the Enterprise Mobility Design Guide at this URL: http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob41dg/eMob4.1.
PAGE 31
Using Dynamic Frequency Selection (DFS) on Access Points For autonomous solution access points, select Dynamic Frequency Selection (DFS) to use auto channel selection. When DFS is enabled, enable at least one band (bands 1-4). For unified access points, enable Auto RF unless there is an intermittent interferer in an area which select access points can have the channel statically assigned. In case of radar activity, have at least one access point per area that uses a non-DFS channel (UNII-1).
PAGE 32
2.4 GHz (802.11b/g) In the 2.4 GHz (802.11b/g environment, only non-overlapping channels must be utilized when deploying VoWLAN. Nonoverlapping channels have 22 MHz of separation and are at least 5 channels apart. There are only 3 non-overlapping channels in the 2.4 GHz frequency range (channels 1, 6, 11). In Japan, channel 14 can be utilized as a fourth non-overlapping channel when using 802.11b access points.
PAGE 33
Signal Strength and Coverage To ensure acceptable voice quality, the Cisco Unified Wireless IP Phone 7921G should always have a signal of -67 dBm or higher when using 2.4 or 5 GHz and ensure the Packet Error Rate (PER) is no higher than 1%. A minimum Signal to Noise Ratio (SNR) of 25dB = -92dBm noise level with -67 dBm signal should be maintained. It is recommended to have at least two access points on non-overlapping channels with at least -67 dBm signal with the 25 dB SNR to provide redundancy.
PAGE 34
When designing the placement of access points, be sure that all key areas have sufficient coverage (signal). Typical wireless LAN deployments for data only applications do not provide coverage for some areas where VoWLAN service is necessary such as elevators, stairways, and outside corridors. Wireless LAN interference is generated by microwave ovens, 2.4 GHz cordless phones, Bluetooth devices, or other electronic equipment operating in the 2.4 GHz band.
PAGE 35
Configuring Data Rates It is recommended to disable rates below 12 Mbps for 802.11a and below 12 Mbps for 802.11b/g deployments where capacity and range are factored in for best results. If 802.11b clients are not allowed in the wireless LAN, then it is recommended to disable the 1, 2, 5.5, 11 Mbps data rates. When 802.11b clients exist in the wireless network, then an 802.11b rate must be enabled and only an 802.11b rate can be configured as a basic rate.
PAGE 36
Enabling these rates could potentially increase the number of retries for a data frame. Other applications may be able to benefit from having these higher data rates enabled. Note: Some environments may require that a lower data rate be enabled due to use of legacy clients, environmental factors or maximum range is required. Set only the lowest data rate enabled as the single basic rate. Multicast packets will be sent at the highest basic data rate enabled.
PAGE 37
Dynamic Transmit Power Control (DTPC) To successfully exchange packets between the wireless IP phone and the access point, Dynamic Transmit Power Control (DTPC) should be enabled. When using an access point that supports DTPC, set the client power to match the local access point power. Do not use default setting of Max power for client power on Cisco autonomous access points as that will not advertise DTPC to the client.
PAGE 38
Occurs when the reflected waves arrive in phase with the main signal and add on to the main signal thereby increasing the signal strength. Decreased Signal Amplitude Occurs when the reflected waves arrive out of phase to some extent with the main signal thereby reducing the signal amplitude. Use of Orthogonal Frequency Division Multiplexing (OFDM), which is used by 802.11a and 802.11g, can help to reduce issues seen in high multipath environments. If using 802.
PAGE 39
To see all access points in the neighbor list menu, place a call from the Cisco Unified Wireless IP Phone 7921G to a wired IP phone, where scanning occurs constantly while the phone call is active in auto scan mode. Otherwise configure continuous scan mode. The connected access point will be highlighted in red.
PAGE 40
Cisco Unified Wireless IP Phone 7921G Series Deployment Guide 40
PAGE 41
Configuring Cisco Unified Communications Manager Cisco Unified Communications Manager provides many different phone, calling and security features. Phone Button Templates The Cisco Unified Wireless IP Phone 7921G supports 6 lines. The default phone button template includes support for 2 lines and 4 speed dials. Custom phone button templates can be created with the option for many different features, which can then be applied on a phone by phone basis.
PAGE 42
Security Profiles Security profiles can be utilized to enable authenticated mode or encrypted mode, where signaling, media and phone configuration file encryption. The Certificate Authority Proxy Function (CAPF) to be operational. Each Cisco Unified Wireless IP Phone 7921G has a Manufactured Installed Certificate (MIC).
PAGE 43
G.722 Advertisement Cisco Unified Communications Manager versions 5.0 and later support the ability to configure whether G.722 is to be a supported codec system wide or not. Earlier versions of Cisco Communications Manager do not have this capability, where a Cisco Unified Wireless IP Phone 7921G with release 1.1(1) or later will attempt to use G.722 assuming the other endpoint also advertises G.722 capabilities. If using a version of Cisco Unified Communications Manager prior to 5.0 and want to disable G.
PAGE 44
Field Name Description Disable Speakerphone Speakerphone capabilities can optionally be disabled. Gratuitous ARP Determines whether the phone will learn MAC addresses from Gratuitous ARP responses or not. Settings Access Settings Access can be used to limit user access to certain menus (i.e. Network Profiles). Web Access This parameter indicates whether the phone will accept connections from a web browser or another HTTP client.
PAGE 45
Locked Profiles Individual profiles can also be locked, which does not allow the user to modify those settings. Load Server A load server can be specified in IP format (x.x.x.x) if wanting to use an alternate TFTP server for phone firmware downloads. Admin Password The admin password is used for web access. With Cisco Unified Communications Manager 5.0 or later the admin password must be managed in Communications Manager Administrator page, where previous versions allow local management.
PAGE 46
Application Button Priority If the priority is low, then will only function when the keypad is unlocked and on the home screen. Medium priority will allow the application button to function when in any menu or XML screen and high priority will allow the application button to function when in any state including keypad lock. Out of Range Alert An out of range alert can be configured to beep once or periodically to audibly notify the user that they have traveled out of the coverage area.
PAGE 47
Note: If configuring the “Admin Password” in Cisco Unified Communications Manager versions 5.0, 5.1, 6.0, 6.1, 7.0, 7.1, 8.0 or later and web access is set to “Full”, then it is recommended to enable TFTP encryption via the device security profile. As of the 1.3(3) release, if settings access is set to “Disabled”, then the current ring volume will be locked in and will no longer be configurable.
PAGE 48
Display On Time displayOnTime (([0-1][0-9])|(2[0-3])):[0-5][0-9] Example: 07:30 Display On Duration displayOnDuration (([0-1][0-9])|(2[0-3])):[0-5][0-9] Example: 10:30 Display Idle Timeout displayIdleTimeout (([0-1][0-9])|(2[0-3])):[0-5][0-9] Example: 01:00 Phone Book Web Access phoneBookWebAccess 0 = Deny All; 1 = Allow Admin Unlock-Settings Sequence unlockSettingsSequence 0 = Disabled; 1 = Enabled Application Button Activation Timer appButtonTimer 0 = Disabled; <1-5> = <1-5> seconds Appl
PAGE 49
cnf-file perphone create cnf-files For more information on these features, see the Cisco Unified Wireless IP Phone 7921G Administration Guide or the Cisco Unified Wireless IP Phone 7921G Release Notes. http://www.cisco.com/en/US/products/hw/phones/ps379/prod_maintenance_guides_list.html http://www.cisco.com/en/US/products/hw/phones/ps379/prod_release_notes_list.
PAGE 50
It is recommended to have the Cisco Unified Wireless IP Phone 7921G operate on the 5 GHz band due to have many channels available and not as many interferers as the 2.4 GHz band has. In order to utilize CCKM, enable WPA2 policy with AES encryption and 802.1x + CCKM for authenticated key management type when the Cisco Unified Wireless IP Phone 7921G is running firmware version 1.3(4) or later in order to enable fast secure roaming. If the Cisco Unified Wireless IP Phone 7921G is running firmware version 1.
PAGE 51
The WMM policy can be set to “Required” only if the Cisco Unified Wireless IP Phone 7921G or other WMM enabled phones will be using this SSID. If 7920 or other non-WMM clients will associate using this SSID, then ensure the WMM policy is set to “Allowed”. Enable “7920 AP CAC” to advertise Qos Basic Service Set (QBSS) to the client. Configure session timeout as necessary. It is recommended to extend the timeout to avoid possible interruptions during reauthentication (i.e. 86400).
PAGE 52
For the autonomous access point, ensure that the SSID is configured for open + eap as and network-eap when using 802.1x authentication. As of the 1.3(2) release, the Cisco Unified Wireless IP Phone 7921G utilizes open + eap when doing 802.1x authentication, but utilized network-eap in previous releases.
PAGE 53
If using layer 3 mobility, then symmetric tunneling should be enabled . In the recent versions, Symmetric Mobility Tunneling is enabled by default and non-configurable. When multiple Cisco Unified Wireless LAN Controllers are to be in the same mobility group, then the IP address and MAC address of each Cisco Unified Wireless LAN Controller should be added to the Static Mobility Group Members configuration.
PAGE 54
802.11 Network Settings If using 5 GHz, ensure the 802.11a network status is set to enabled. Set the beacon period to 100ms. Ensure DTPC Support is enabled. If using 802.11n capable access points, ensure ClientLink is enabled. Configure 12 Mbps as the mandatory (basic) rate and 18 – 24 or 54 Mbps as supported (optional) rates. 36-54 Mbps can optionally be disabled, if there are not any applications that can benefit from those rates. Enable CCX Location Measurement.
PAGE 55
If using 2.4 GHz, ensure the 802.11b/g network status and 802.11g is set to enabled. Set the beacon period to 100ms. Use the short preamble setting in the 2.4 GHz radio configuration setting on the access point when no legacy clients that require a long preamble are present in the wireless LAN. By using the short preamble instead of long preamble, the wireless network performance is improved. Ensure DTPC Support is enabled. If using 802.11n capable access points, ensure ClientLink is enabled.
PAGE 56
Auto RF When using the Cisco Unified Wireless LAN Controller it is recommended to enable Auto RF to manage the channel and transmit power settings. If electing to utilize the Auto-RF feature on the Cisco Unified Wireless LAN Controller, it is recommended to use version 4.1.185.0 or later. Configure the access point transmit power level assignment method for either 5 or 2.4 GHz depending on which band is to be utilized.
PAGE 57
If using 5 GHz, ensure that channel 165 is not enabled in the DCA list as the Cisco Unified Wireless IP Phone 7921G does not support channel 165. If using 2.4 GHz, only channels 1, 6, and 11 should be enabled in the DCA list.
PAGE 58
Individual access points can be configured to override the global setting to use dynamic channel and transmit power assignment for either 5 or 2.4 GHz depending on which band is to be utilized. Other access points enabled can be enabled for Auto RF and workaround the access points that are statically configured. This may be necessary if there is an intermittent interferer present in an area. Enable ClientLink if using 802.11n capable access points.
PAGE 59
EDCA Parameters Set the EDCA profile for “Voice Optimized” and disable “Low Latency MAC” for either 5 or 2.4 GHz depending on which band is to be utilized. Low Latency MAC (LLM) reduces the number of retransmissions to 2-3 per packet depending on the access point platform, so it can cause issues if multiple data rates are enabled. LLM is not supported on the Cisco 802.11n access points. DFS (802.11h) In the DFS (802.11h) configuration, channel announcement and quite mode should be enabled.
PAGE 60
Call Admission Control Settings Enable Call Admission Control (TSPEC) for Voice and configure maximum bandwidth and reserved roaming bandwidth percentages for either 5 or 2.4 GHz depending on which band is to be utilized. Maximum bandwidth default setting for voice is 75% where 6% of that bandwidth is reserved for roaming clients. Roaming clients are not limited to using the reserved roaming bandwidth, but is to reserve some bandwidth in case all other bandwidth is utilized.
PAGE 61
Call Admission Control for Video should be disabled.
PAGE 62
After enabling Call Admission Control, the following configuration should be enabled, which can be displayed in the “show run-config”. Call Admision Control (CAC) configuration Voice AC - Admission control (ACM)............ Enabled Voice max RF bandwidth........................ 75 Voice reserved roaming bandwidth.............. 6 Voice load-based CAC mode..................... Enabled Voice tspec inactivity timeout................ Disabled Video AC - Admission control (ACM)............
PAGE 63
If enabling the STREAM feature either directly or via selecting “Optimized Voice” for the radio access category in the QoS configuration section, ensure that only voice packets (RTP) are being put into the voice queue. Signaling packets (SCCP) should be put into a separate queue. This can be ensured by setting up a QoS policy mapping the DSCP to the correct queue.
PAGE 64
Below are the commands to change the QBSS max threshold for each platform type. Cisco Unified Wireless LAN Controller = “config advanced 802.11b 7920VSIEConfig call-admission-limit ” Cisco Autonomous Access Point = “dot11 phone cac-thresh ” Configuring Auto-Immune It is recommended to disable the Auto-Immune feature on the Cisco Unified Wireless LAN Controller. The Auto-Immune feature was introduced in the 4.2.176.0 release, which was enabled by default and non-configurable. As of the 4.2.
PAGE 65
Auto-Immune.................................... Disabled Client Exclusion Policy Excessive 802.11-association failures.......... Enabled Excessive 802.11-authentication failures....... Enabled Excessive 802.1x-authentication................ Enabled IP-theft....................................... Enabled Excessive Web authentication failure........... Enabled Signature Policy Signature Processing...........................
PAGE 66
As of 6.0.182.0 release, the EAPOL-Key Timeout is configurable in milliseconds, where in previous releases it was only allowed to be configured in seconds. It is recommended to set the EAPOL_Key timeout to 200 milliseconds. The EAPOL-Key Timeout should not exceed 1 second (1000 milliseconds). Configuring Proxy ARP To advertise the proxy ARP information element, ensure that Aironet extensions are enabled.
PAGE 67
Configuring TKIP Countermeasure Holdoff Time TKIP countermeasure mode can occur if the Access Point receives two message integrity check (MIC) errors within a 60 second period. When this occurs, the Access Point will de-authenticate all TKIP clients associated to that 802.11 radio and holdoff any clients for the countermeasure holdoff time (default = 60 seconds).
PAGE 68
Configuring Phones with the Web Interface The Cisco Unified Wireless IP Phone 7921G has an HTTPS enabled web interface that can be accessed via the 802.11a/b/g radio or USB. If using USB, then set a static IP on the PC’s USB network interface (i.e. 192.168.1.X /24). By default, the Cisco Unified Wireless IP Phone 7921G USB is statically set to 192.168.1.100 /24. In order to make configuration changes via the web interface, then web access must be set to “Full”, which will also enable a few additional menus.
PAGE 69
• • • 802.11a mode will only scan 5 GHz channels and 802.11b/g mode will only scan 2.4 GHz channels, where it will then attempt to associate to an access point if the configured network is available. For Auto-a and Auto-b/g modes, this is giving preference to one band over another. At power on, will scan all 2.4 and 5 GHz channels then attempt to associate to an access point for the configured network using the preferred band if available.
PAGE 70
• The AKM security mode is an auto authentication mode that can use either LEAP for 802.1x authentication or WPA Pre-Shared Key. • If using 802.11i (Pre-Shared key), enter the ASCII or hexadecimal formatted key. Pre-Shared Key requires that a passphrase be entered in ASCII or hexadecimal format. ASCII = 8-63 characters HEX = 64 characters (0-9,A-F) • AKM mode requires a key management type to be enabled on the Access Point. For 802.1x authentication methods, WPA, WPA2 or CCKM is required. For non-802.
PAGE 71
Cisco Unified Wireless IP Phone 7921G Series Deployment Guide 71
PAGE 72
Note: If the TFTP IP is changed which is not included in the current Certificate Trust List (CTL) file, then TFTP will fail and may prevent the phone from registering successfully to the Cisco Unified Communications Manager. The CTL file will need to be erased manually in the Security Configuration menu from the Cisco Unified Wireless IP Phone 7921G. Configuring Advanced Network Profile Settings In the Advanced Network Profile settings, the minimum PHY rate can be adjusted.
PAGE 73
Cisco Unified Wireless IP Phone 7921G Series Deployment Guide 73
PAGE 74
Installing Certificates The Cisco Unified Wireless IP Phone 7921G supports DER encoded binary X.509 certificates, which can be utilized with EAPTLS or for authentication server validation when using PEAP (MS-CHAPv2). Extensible Authentication Protocol Transport Layer Security (EAP-TLS) is using the TLS protocol with PKI to secure communications to the authentication server. TLS provides a way to use certificates for both user and server authentication and for dynamic session key generation.
PAGE 75
Browse to the Certificate Authority certificate and select “Submit”. Only certificates with a key size of 1024 or 2048 are supported. Certificates dated January 1 2038 and later are not supported. After “Submit” is selected, the certificate will then be generated. The certificate will then be displayed and is now ready to be signed. Select all of the certificate data in order to copy it to the Certificate Authority server to be signed.
PAGE 76
Select the method to submit a certificate request by using a base-64 encoded PKCS file. Paste the certificate data from the Cisco Unified Wireless IP Phone 7921G to the Certificate Authority signing server and submit for signing. When the certificate has been signed, download the CA certificate in DER encoded format (base 64 encoded certificates are not supported).
PAGE 77
Ensure Client Authentication is listed in the Enhanced Key Usage section of the certificate details. After selecting “Import Step”, browse to the signed user certificate and select “Import” to complete the process.
PAGE 78
Once the certificate is installed successfully, a confirmation page will be displayed. The CA chain should already be enabled in the authentication server’s certificate trust list. The authentication server certificate must also be imported into the Cisco Unified Wireless IP Phone 7921G for both the MIC and User Installed methods.
PAGE 79
The Cisco Unified Wireless IP Phone 7921G must be restarted after installing the certificate. Click on the hyperlink to navigate to the “Phone Restart” page.
PAGE 80
Click the “Restart” button to power cycle the phone. Using Templates to Configure Phones Phone configuration templates can be exported and imported to other phones for quick configuration. The phone configuration template will be encrypted using the specified encryption key (8-20 characters). In order to access the Backup Settings menu, the web access must be set to “Full”.
PAGE 81
To upgrade the phone firmware, run the executable for Cisco Unified Communications Manager version 4.1, 4,2 and 4.3 or install the COP file for versions 5.0, 5.1, 6.0, 6.1, 7.0, 7.1, 8.0 and later. For information on how to install the COP file on CM versions 5.0 and later, refer to the Cisco Unified Communications Manager Operating System Administrator Guide at this URL: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/cucos/7_1_2/cucos/iptpch7.
PAGE 82
The Wavelink Avalanche server IP address can be set either via DHCP option 149 or statically. To provide the server IP address automatically, configure option 149 on the DHCP server. ip dhcp pool 10.10.11.0 network 10.10.11.0 255.255.255.0 default-router 10.10.11.1 dns-server 10.10.10.20 domain-name cisco.com option 150 ip 10.10.10.22 option 149 ip 10.10.11.128 Custom parameters can also be set via the Cisco Unified Wireless IP Phone 7921G web page in order to help group clients for better management.
PAGE 83
The Cisco Unified Wireless IP Phone 7921G will have parameters enabled by default. EnablerVer = 3.11-01 ModelName = CP7921G Additional properties can be added as necessary for better client management.
PAGE 84
Mobile Device Groups can be created to group clients based on client properties. Enter the selection criteria either manually or using the wizard after right clicking on the mobile device group and selecting “Settings”.
PAGE 85
To install the 7921G Configuration Utility for Wavelink Avalanche, select “Install Software Package” under the Software Management menu. Browse to the 7921G Configuration Utility package file (i.e. 7921CU-1.2.1.AVA). Create a software collection to add the package to. The license agreement will be displayed, after selecting “Next”, Click on “Finish” when the installation is complete. Note: The 7921CU must be installed locally on the Wavelink Avalanche server.
PAGE 86
The software package must then be enabled by right clicking on the package and selecting “Enable Package”. Selection collections can also be created with their own selection criteria to determine which clients should receive the software package.
PAGE 87
To configure the software package, right click on the package and select “7921CU”. The 7921G Configuration Utility will then be launched.
PAGE 88
Enter the profile name and enable the profile. Configure the network profiles by specifying the Wireless LAN credentials. PEAP and EAP-TLS are not supported in the Configuration Utility for Wavelink.
PAGE 89
Configure the network settings for the network profile.
PAGE 90
Ensure that Wavelink server enable is set to “Yes”. Configure whether the client will get the Wavelink IP info from DHCP or configured statically. Optionally set additional client parameters as necessary. When the template has been completely configured, then select “Export to Wavelink” under the File menu. A confirmation will then be displayed after the template has been exported successfully. After the template has become available, will then need to push the package to the necessary clients.
PAGE 91
This utility does not support certificate provisioning, which would be required in order to support server validation for PEAP or EAP-TLS. The utility does allow PEAP to be configured, but without the server validation option. The Bulk Deployment Utility supports up to 1000 entries per CSV for export. If more than 1000 phones are being deployed, then multiple CSV files will need to be created and imported. If doing a bulk export, the username and password is applied to network profile 1 only.
PAGE 92
Templates can be created for later use, by selecting File > Save As. Do not overwrite the “7921Cfg.xml” file as that is the default template used when the utility opens. Phone configuration files can be exported by either the Default Export method or the Bulk Export method. If a common set of credentials is to be used by all phones (i.e. WPA2-PSK or a common 802.1x account), then use the Default Export method. If unique 802.1x accounts are to be deployed, then use the Bulk Export method.
PAGE 93
Default Export If needing to deploy the Cisco Unified Wireless IP Phone 7921G with identical WLAN settings, then select the “Default Export” method. After selecting “Default Export” the utility will create a TFTP downloadable configuration file based on the common data entered, which is exported to the application install path (C:\Program Files\Cisco Systems\7921BD). A confirmation window will be displayed when the default TFTP downloadable config file has been exported successfully.
PAGE 94
Up to 1000 entries are supported per CSV file. The “userinfo.csv” file in the install path can be used as a template. MAC,Username,Password 001e7abb19c8,admin,Cisco Once the CSV file is imported, the utility will create TFTP downloadable configuration files for each phone, which are exported to the application install path (C:\Program Files\Cisco Systems\7921BD). A confirmation window will be displayed when the TFTP downloadable config files have been exported successfully.
PAGE 95
The phone book data can be exported which can be imported onto other phones. Release 1.2(1) supports XML and CSV format as well as the CSV format used by the Cisco Unified Wireless IP Phone 7920.
PAGE 96
Increased Font As of the 1.4(1) release, there are options for default (original) font or increased font. The font size can optionally be configured locally on the phone.
PAGE 97
Default Font Increased Font Cisco Unified Wireless IP Phone 7921G Series Deployment Guide 97
PAGE 98
Using Phone Designer The Phone Designer application allows the ability to have a customer wallpaper and ringtone for each phone. The Cisco Unified Wireless IP Phone 7921G is supported in Phone Designer version 7.1(3) and later. Personalization must also be enabled in the Cisco Unified Communications Manager either in Enterprise Parameters, Common Phone Profile or on a per phone level.
PAGE 99
In order to configure the ringtone, either select a pre-defined ringtone or import a ringtone from the local computer by selecting “Import”. To hear the ringtone on the phone, select “Preview on Phone”. To activate and save the ringtone to the phone flash, select “Save to Phone”. The Phone Designer application can be downloaded from the following location. http://tools.cisco.com/support/downloads/go/Redirect.
PAGE 100
For information on IP phone services configuration, refer to the following URL. http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/8_0_2/ccmcfg/b06phsrv.html Extensible Markup Language (XML) The following document provides the information needed for eXtensible Markup Language (XML) and X/Open System Interface (XSI) programmers and system administrators to develop and deploy IP phone services. http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/all_models/xsi/8_0_1/xsi_dev_guide.
PAGE 101
This information is also available locally on the phone under Settings > Status > Call Statistics or if on a phone call press the center button twice. For more information, see the “Troubleshooting the Cisco Unified Wireless IP Phone 7921G” chapter in the Cisco Unified Wireless IP Phone 7921G Administration Guide at this URL: http://www.cisco.com/en/US/products/hw/phones/ps379/prod_maintenance_guides_list.
PAGE 102
Network Statistics Queue statistics can also be displayed by navigating to Settings > Status > Network Statistics. If on a phone call, should see the “DataRcvVO” counter increasing assuming QoS has been deployed correctly. This reflects that voice packets are being properly marked as UP6 (VO) downstream to the Cisco Unified Wireless IP Phone 7921G.
PAGE 103
Cisco Unified Wireless IP Phone 7921G Series Deployment Guide 103
PAGE 104
Wireless LAN Statistics Traffic Stream Metrics (TSM) The Traffic Stream Metrics feature requires the client to report voice traffic related measurements to the AP. The parameters (queue delay, media delay, packet loss, packet count, roaming delay, roaming count) will be gathered by the AP and escalated to the WLAN management system, which will help maintain a database that can be used for the benefit of the stations by ensuring low packet latency and loss.
PAGE 105
See the “Call Admission Control Settings” section for further information on how to enable TSM. To view Traffic Stream Metrics data for a client, select TSM from the drop down menu for which band the Cisco Unified Wireless IP Phone 7921G is using. The Traffic Stream Metrics data entries will then be displayed. Select one of the entries to display the uplink and downlink statistics.
PAGE 106
Trace Modules Kernel Operating System Wireless LAN Driver Channel scanning, roaming, authentication Wireless LAN Manager WLAN Management, QoS Configuration Phone configuration, firmware upgrade Call Control Cisco Unified Communications Manager messaging (SCCP) Network Services DHCP, TFTP, CDP, WWW, Syslog Security Subsystem Application level security Cisco Unified Wireless IP Phone 7921G Series Deployment Guide 106
PAGE 107
User Interface Keypad, softkeys, MMI Audio System RTP, SRTP, RTCP, DSP System Event Manager Trace Levels Various levels of tracing are available which provide different levels of messaging. Emergency, Alert, Critical, Error, Warning, Notice, Info, Debug Note: All trace modules are set to Error level by default. Voice quality can potentially be impacted if higher trace levels are configured or if “Preserve Logs” is enabled, which will write the logs to flash memory. In firmware 1.
PAGE 108
Hardware Diagnostics As of the 1.3(4) release, a self-diagnostics tool is now available which can help with hardware analysis. The Diagnostics menu is located under Phone Settings menu, where then the Keypad, Speaker, Microphone and Wireless LAN Radio and Antenna can be validated. The WLAN diagnostics menu is the standard Site Survey utility, which will use the current network profile information to perform passive and active scans for the configured SSID and 802.11 mode.
PAGE 109
3. Insert the USB cable into the phone after USB initialization is complete. (Ensure that the USB driver has been installed prior and that an IP in the 192.168.1.0 /24 network has been configured for that network connection) 4. When “Web Access Available...” is displayed, then navigate to http://192.168.1.100. 5. Browse to the TAR file, then click on “Upload”. Restoring Factory Defaults The configuration can be cleared by using the factory default menu option on the phone.
PAGE 110
Healthcare Environments This product is not a medical device and uses an unlicensed frequency band that is susceptible to interference from other devices or equipment. Cleaning the Phone Gently wipe the Cisco Unified Wireless IP Phone 7921G screen and housing with a soft, dry cloth. Do not use any liquids or powders to clean the phone. Using anything other than a soft, dry cloth can damage the phone and cause failures.
PAGE 111
Additional Documentation Cisco Unified Wireless IP Phone 7921G Data Sheet http://www.cisco.com/en/US/prod/collateral/voicesw/ps6788/phones/ps379/product_data_sheet0900aecd805e315d.html Cisco Unified Wireless IP Phone 7921G Administration Guide http://www.cisco.com/en/US/products/hw/phones/ps379/prod_maintenance_guides_list.html Cisco Unified Wireless IP Phone 7921G Phone Guide and Quick Reference http://www.cisco.com/en/US/products/hw/phones/ps379/products_user_guide_list.
PAGE 112
http://www.cisco.com/en/US/products/ps6366/products_installation_and_configuration_guides_list.html Autonomous Access Point Documentation http://www.cisco.com/en/US/products/ps6521/products_installation_and_configuration_guides_list.html Open Source License Notices for the Cisco Unified IP Phones 7900 Series http://www.cisco.com/en/US/products/hw/phones/ps379/products_licensing_information_listing.
PAGE 113
____________________________________________________________________________________________________ CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified