Friday, March 09, 2007

Cisco 7920, a WLC 4404, and WPA

Let's assume you want to deploy 7920 phones on a Cisco "light-weight" wireless network and don't want to deploy a RADIUS or ACS server to authenticate users against. You know WEP is broken, so what do you do?

Use WPA. Notice I didn't say WPA2?

First, get yourself a copy of the latest version of "Cisco Wireless IP Phone 7920 Administration Guide for Cisco CallManager". Make sure it's the latest.

Or...

Using the 7920 Configuration Utility, set the WPA Pre-shared key to your favorite cryptic value. The ASCII field only requires 8 characters, so it's easy for testing. Set the Authentication Type to AKM.

In the WLC, on your voice WLAN (you do have a separate one, right?), set Layer 2 Security to WPA1+WPA2. Under WPA1+WPA2 Parameters, check only the WPA1 Policy and only TKIP, set the Auth Key Mgmt to PSK and the PSK format to ascii, and type the same cryptic value you set on the phone.

Export your phone configuration, and watch the authentication magic.
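The ASCII pre-shared key entered on the phone and on the WLC is not used directly: WPA-PSK stretches it with PBKDF2-HMAC-SHA1, salted with the SSID, into a 256-bit key, and both sides must arrive at the same key. The sketch below is an added example, not from the 7920 guide or Cisco; the SSID and passphrases are constructed placeholders. It checks that a value is a legal ASCII passphrase (8 to 63 printable characters) and that the two configured strings really produce the same key.

```python
import hashlib
import hmac


def validate_passphrase(passphrase: str) -> None:
    """Raise ValueError unless this is a legal WPA ASCII passphrase."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("ASCII passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("ASCII passphrase must be printable ASCII only")


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    validate_passphrase(passphrase)
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def psk_matches(phone_value: str, wlc_value: str, ssid: str) -> bool:
    """True when the phone's and the WLC's strings yield the same 256-bit key."""
    return hmac.compare_digest(
        derive_pmk(phone_value, ssid), derive_pmk(wlc_value, ssid)
    )


if __name__ == "__main__":
    ssid = "voice-example"            # constructed SSID (assumption)
    phone = "constructed-test-psk"    # constructed value typed into the 7920 utility
    wlc = "constructed-test-psk "     # same value pasted into the WLC with a trailing space

    # A trailing space is a legal passphrase character, so it silently changes the key.
    print("phone and WLC agree:", psk_matches(phone, wlc, ssid))
    print("after stripping:    ", psk_matches(phone, wlc.strip(), ssid))

    # The same passphrase under a different SSID is a different key.
    print("key is SSID-specific:",
          derive_pmk(phone, ssid) != derive_pmk(phone, "other-example"))
```

Because the only secret input is the passphrase, the 8-character minimum is suitable for the bench test described here; a production voice WLAN wants a long random value.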