Chapter 2 An Overview of the Voice Over IP Wireless Network
Components of the VoIP Wireless Network
Cisco Unified Wireless IP Phone 7921G Administration Guide for Cisco Unified CallManager Release 4.1, 4.2, 5.0
OL-10802-02
• EAP-FAST Authentication—This client-server security architecture encrypts EAP transactions within a Transport Layer Security (TLS) tunnel between the access point and the Remote Authentication Dial-In User Service (RADIUS) server, such as the Cisco Access Control Server (ACS).
The TLS tunnel uses Protected Access Credentials (PACs) for authentication between the client (phone) and the RADIUS server. The server sends an Authority ID (AID) to the client (phone), which in turn selects the appropriate PAC. The client (phone) returns a PAC-Opaque to the RADIUS server. The server decrypts the PAC with its master key. Both endpoints now have the PAC key and a TLS tunnel is created. EAP-FAST supports automatic PAC provisioning, but you must enable it on the RADIUS server.
Note: In the Cisco ACS, by default, the PAC expires in one week. If the phone has an expired PAC, authentication with the RADIUS server takes longer while the phone gets a new PAC.
To avoid these PAC provisioning delays, set the PAC expiration period to 90 days or longer on the ACS or RADIUS server.
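
The PAC exchange and the expiry behaviour described above, modelled as an added example; it is not code from the Cisco guide and does not reproduce the EAP-FAST wire format. The names RadiusServer, phone_authenticate, seal and unseal, the JSON layout inside the PAC-Opaque, and the HMAC-based cipher (a standard-library stand-in for whatever the server really uses) are all assumptions.

```python
import hashlib, hmac, json, os

WEEK = 7 * 86400  # Cisco ACS default PAC lifetime, per the note in this guide

def _keys(master):
    # Separate encryption and MAC subkeys derived from the server master key
    return [hmac.new(master, label, hashlib.sha256).digest() for label in (b"enc", b"mac")]

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 counter-mode keystream: stdlib stand-in for the real cipher (assumption)
    pad = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                   for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

def seal(master, plaintext):
    enc, mac = _keys(master)
    nonce = os.urandom(16)
    body = nonce + _xor_stream(enc, nonce, plaintext)
    return body + hmac.new(mac, body, hashlib.sha256).digest()

def unseal(master, blob):
    enc, mac = _keys(master)
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, body, hashlib.sha256).digest()):
        raise ValueError("PAC-Opaque failed integrity check")
    return _xor_stream(enc, body[:16], body[16:])

class RadiusServer:  # hypothetical model of the ACS / RADIUS side
    def __init__(self, aid, pac_lifetime=WEEK):
        self.aid, self.pac_lifetime, self.master = aid, pac_lifetime, os.urandom(32)

    def provision(self, user, now):
        # PAC = PAC key (shared secret) + PAC-Opaque (same key, sealed under the master key)
        pac_key = os.urandom(32)
        inner = {"user": user, "key": pac_key.hex(), "exp": now + self.pac_lifetime}
        opaque = seal(self.master, json.dumps(inner).encode())
        return {"aid": self.aid, "pac_key": pac_key, "opaque": opaque}

    def recover_pac_key(self, opaque, now):
        inner = json.loads(unseal(self.master, opaque))
        return bytes.fromhex(inner["key"]) if now < inner["exp"] else None

def phone_authenticate(pac_store, server, now):
    pac = pac_store.get(server.aid)  # phone selects the PAC matching the server's AID
    if pac is None:
        return "no-pac-for-aid"
    key = server.recover_pac_key(pac["opaque"], now)  # phone returned its PAC-Opaque
    if key is None:
        return "expired-reprovision"  # the slow path the note above warns about
    return "tunnel-ready" if hmac.compare_digest(key, pac["pac_key"]) else "key-mismatch"
```

With the one-week default, a phone that was last provisioned eight days ago lands on the re-provisioning path; the same phone against a server configured for 90 days reaches the tunnel directly.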
Authenticated Key Management
The following authentication schemes use the RADIUS server to manage authentication keys:
• Wi-Fi Protected Access (WPA)—Uses information on a RADIUS server to derive unique pairwise keys for authentication. Because these keys are generated at the centralized RADIUS server, WPA provides more security than WPA pre-shared keys that are stored on the access point and phone.
• Cisco Centralized Key Management (CCKM)—Uses information on a RADIUS server and a wireless domain server (WDS) to manage and authenticate keys. The WDS creates a cache of security credentials for CCKM-enabled client devices for fast and secure reauthentication.
With WPA and CCKM, encryption keys are not entered on the phone, but are automatically derived between the access point and phone. However, the EAP username and password that are used for authentication must be entered on each phone.