Friday, March 09, 2007

Cisco 7920, a WLC 4404, and WPA

Let's assume you want to deploy 7920 phones on a Cisco "light-weight" wireless network and don't want to deploy a RADIUS or ACS server to authenticate users against. You know WEP is broken, so what do you do?

Use WPA. Notice I didn't say WPA2?

First, get yourself a copy of the latest version of "Cisco Wireless IP Phone 7920 Administration Guide for Cisco CallManager". Make sure it's the latest.


Using the 7920 Configuration Utility, set the WPA Pre-shared key to your favorite cryptic value. The ASCII field only requires 8 characters, so it's easy for testing. Set the Authentication Type to AKM.

In the WLC, on your voice WLAN (you do have a separate one, right?), set Layer 2 Security to WPA1+WPA2. Under WPA1+WPA2 Parameters, check only the WPA1 Policy and only TKIP, set the Auth Key Mgmt to PSK, set the PSK format to ASCII, and type your favorite cryptic value.

Export your phone configuration, and watch the authentication magic.
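If the phone never associates, the usual cause is that the two sides do not hold the same key. The sketch below is an added example, not part of the original post or any Cisco tool: it applies the standard WPA-PSK mapping (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations) to show what an ASCII value becomes and to compare the value entered on the phone with the one entered on the WLC. The function names, the SSID and the sample keys are constructed for illustration.

```python
import hashlib
import hmac
import string


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Map an ASCII WPA passphrase to the 256-bit pre-shared key."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("ASCII passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # The SSID is the salt, so the same passphrase on another SSID
    # produces a different key.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def psk_bytes(key: str, fmt: str, ssid: str) -> bytes:
    """Return the 32-byte key for a value entered in 'ascii' or 'hex' format."""
    fmt = fmt.lower()
    if fmt == "ascii":
        return derive_pmk(key, ssid)
    if fmt == "hex":
        if len(key) != 64 or any(c not in string.hexdigits for c in key):
            raise ValueError("hex PSK must be exactly 64 hex digits")
        return bytes.fromhex(key)
    raise ValueError("format must be 'ascii' or 'hex'")


def keys_match(phone: tuple, wlc: tuple, ssid: str) -> bool:
    """Compare (key, format) pairs as entered on the phone and on the WLC."""
    return hmac.compare_digest(psk_bytes(*phone, ssid), psk_bytes(*wlc, ssid))


if __name__ == "__main__":
    ssid = "voice-lab"                      # constructed SSID
    phone = ("Correct-Horse-7920", "ascii")  # constructed test value
    wlc_ok = ("Correct-Horse-7920", "ascii")
    wlc_typo = ("Correct-Horse-7920 ", "ascii")  # trailing space pasted in
    print("PMK:", derive_pmk(phone[0], ssid).hex())
    print("phone vs WLC:", keys_match(phone, wlc_ok, ssid))
    print("phone vs WLC with trailing space:", keys_match(phone, wlc_typo, ssid))
```
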