Sign in with
Sign up | Sign in
Your question

Cisco Wireless VoIP Phones Integration

Last response: in Wireless Networking
Share
February 6, 2009 7:29:58 PM

I know this could be classified as VoIP but also falls into this forum.

I am planning to integrate wireless VoIP phones (Cisco models, not sure which) in the future and wondering if they'll work with my existing wireless network. Existing wireless network currently consists of strictly laptops utilizing WPA2-Enterprise (802.11i)
along with 802.1x. I am currently using EAP-TTLS for outside tunnel and EAP-MD5 for inside authentication.

Equipment I have are Cisco AP1232AG-A-K9 access points chained up in WDS setup and one RADIUS server. My questions are:

1) Will Cisco *wireless* VoIP phones handle WPA2-Ent./802.1x stuffs? How about if they cross AP boundaries in WDS? I am
unwilling to downgrade from WPA2-Ent. but willing to switch to EAP-PEAP/PEAP if more compatible with Cisco

2) If you have integrate handhelds (blackberry, etc.) into WPA2-Ent. network, please let me know too. I like to know which
model you use and some good/bad experiences, etc.

Thanks in advance for your input. I appreciate it!!!
February 7, 2009 12:47:56 PM

JustAGuy51 said:
I know this could be classified as VoIP but also falls into this forum.

I am planning to integrate wireless VoIP phones (Cisco models, not sure which) in the future and wondering if they'll work with my existing wireless network. Existing wireless network currently consists of strictly laptops utilizing WPA2-Enterprise (802.11i)
along with 802.1x. I am currently using EAP-TTLS for outside tunnel and EAP-MD5 for inside authentication.

Equipment I have are Cisco AP1232AG-A-K9 access points chained up in WDS setup and one RADIUS server. My questions are:

1) Will Cisco *wireless* VoIP phones handle WPA2-Ent./802.1x stuffs? How about if they cross AP boundaries in WDS? I am
unwilling to downgrade from WPA2-Ent. but willing to switch to EAP-PEAP/PEAP if more compatible with Cisco

2) If you have integrate handhelds (blackberry, etc.) into WPA2-Ent. network, please let me know too. I like to know which
model you use and some good/bad experiences, etc.

Thanks in advance for your input. I appreciate it!!!



The current Cisco offerings for VoIP Wireless phones are the 7921 and 7925. The current security authentication they support and encryption:

• Authentication:
• Cisco Wireless Security Suite IEEE 802.1X
• Lightweight Extensible Authentication Protocol (LEAP) Authentication
• Protected Extensible Authentication Protocol (PEAP) MS-CHAP v2
• Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST)
• Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)
• Wi-Fi Protected Access (WPA) Versions 1 and 2; Personal and Enterprise
• Cisco Centralized Key Management (CCKM)

• Encryption:
• 40- and 128-bit static Wired Equivalent Privacy (WEP)
• Temporal Key Integrity Protocol (TKIP) and Message Integrity Check (MIC)
• Advanced Encryption Standard (AES)

So you have options under then 802.1X frame work to work with and you can still keep your higher level of encryption.

WORD TO THE WISE: If you do use 802.1X with AES on a VoIP phone you need to test this on your wireless network at length. Poor wireless network designs MAY cause longer delays while roaming and jitter or dead air can be expected during a roaming event. A protocol analyzer is very helpful determining this and troubleshooting if there is issues.

A recent troubleshooting event at a customer site i found that their network was causing a 1 - 2 second 802.1X auth. Something that should have been 20-100 mS. They had a tremendous amount of co- and adjacent channel interference.

I worked recently with a customer and we were able to get PEAP working on a number of BBs with server side certs. So you should be fine there, just google it lots of info can be found on that topic.

If you have a choice, i would check out the Ascom VoIP handsets. They are much better. Just my .02

February 8, 2009 6:11:30 AM

Thanks for explanation at length.

Maybe I should dedicate a separate channel with separate APs. I just need to support 3 or 4 wireless handset, not many. Doing my homework in case if being asked (likely). With this economy, gotta worry!!!
February 8, 2009 12:48:30 PM

not sure what you mean by separate channel. you should only use 1 6 11. 3-4 phones shouldnt be an issue.
!