Feedback
Table Of Contents
An Overview of the Wireless Network
Understanding the Wireless LAN
The 802.11 Standards for Wireless LAN Communications
Connecting to the Wireless Network
Components of the VoIP Wireless Network
Networking Protocols Used with Cisco Wireless IP Phones
Interacting with the Cisco Aironet Access Point
Voice Quality in a Wireless Network
Security Mechanisms in the Wireless Network
Choosing Authentication and Encryption Methods
Interacting with Cisco CallManager
Phone Configuration Files and Profile Files
Interacting with the DHCP Server
Wireless Network and Access Point Configuration
Understanding the Phone Startup Process
An Overview of the Wireless Network
With the introduction of wireless communication, mobile wireless IP phones can provide voice communication within the corporate wireless local area network (WLAN). The Cisco Wireless IP Phone 7920 depends upon and interacts with wireless access points and key Cisco IP telephony components, including Cisco CallManager, to provide wireless voice communication.
This chapter provides you with an overview of the interaction between the Cisco Wireless IP Phone 7920 and other key components of the Voice-over-IP (VoIP) network in the WLAN environment.
•
Understanding the Wireless LAN
•
•
•
Understanding the Wireless LAN
This section includes the following topics about WLANs.
•
•
•
In a traditional LAN, phones and computers use cables to transmit messages and data packets over a wire conductor. Wireless LANs use radio waves to carry the messages and data packets.
WLANs require access point devices that receive and transmit radio signals. Cisco Aironet Access Points, such as the 1200, 1100, and 350 series models, support voice on a WLAN. Figure 2-1 shows a typical WLAN topology that incorporates wireless data for laptop computers and wireless IP telephony (WIPT) for Cisco Wireless IP Phone 7920 models.
When a wireless device powers on, it immediately searches for and becomes associated with an access point. As users move from one location to another within the corporate WLAN environment, the wireless device roams out of range of one access point and into the range of another. The access point uses the wired network to transmit data and voice packets to the switches and routers. Voice packets are sent to the Cisco CallManager server for call processing and routing.
Figure 2-1 Wireless LAN with Cisco Wireless IP Phone 7920s
The 802.11 Standards for Wireless LAN Communications
Wireless LANs must follow the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standards that define the protocols that govern all Ethernet-based wireless traffic. The 802.11b standard is the most prevalent standard in wireless LAN communications and is commonly called WiFi. The 802.11b standard specifies the radio frequency (RF) of 2.4 GHz for both transmitting and receiving data at speeds of 1, 2, 5.5 and 11 Mbps.
The 2.4 GHz RF range is an open frequency range that does not require licensing. Many devices operate in this bandwidth including cordless phones and microwave ovens; consequently, wireless communication is susceptible to interference or noise. Interference does not destroy the signal, but can impede the transmission speed and reduce an 11 Mbps signal all the way down to a 1Mbps signal. In addition, RF interference can reduce the voice quality over the wireless network.
To help prevent interference, direct-sequence spread spectrum (DSSS) technology was developed to spread the signal out over the frequency range or bandwidth. DSSS technology multiplexes chunks of data over several frequencies so that multiple devices can communicate without interference. Each device has a special code that it uses to identify its data packets and to ignore all others. The Cisco wireless products use DSSS technology to support multiple devices on the WLAN.
Connecting to the Wireless Network
The critical components in the wireless network are the access points that provide the wireless links (or "hot spots") to the network. Cisco requires that the access points supporting voice communications must run Cisco IOS Version 12.2(15)JA or later. Cisco IOS provides features for managing voice traffic. The Cisco Aironet Access Points that support IOS include the following access point series:
•
•
•
Each access point has a hard-wired connection to a network layer switch, such as a Cisco Catalyst 4000, that is configured on the LAN. The switch provides access to gateways and the Cisco CallManager server to support wireless IP telephony (WIPT).
Access points transmit and receive RF signals over channels within the 2.4 GHz frequency band. Regulatory domains determine the number of channels that wireless communications can use within the 2.4 GHz frequency band. The Cisco Aironet Access Points support up to 11 communication channels in North America, 13 channels in Europe (ETSI) and 14 channels in Japan. An access point broadcasts on a specific channel within the available channel range. To provide a stable wireless environment and reduce channel interference, you must specify non-overlapping channels for each access point. The recommended channels are 1, 6, and 11 in North America.
The access point has a transmission range or coverage area that depends on its type of antenna and transmission power. The access point coverage range is from 500 to 1000 feet with effective isotropic radiated power (EIRP) output that scales at 1, 5, 20, 50, and 100mW. To provide effective coverage, access points need a range overlap of approximately 20 percent to allow uninterrupted connections as phone users roam from one access point to another.
Wireless network devices use a service set identifier (SSID). The SSID provides a way to group a set of user devices that can associate with a set of access points. Each wireless device that can use the access point is configured with the same SSID as the access point. For more information about configuring the access points, refer to the Cisco Wireless IP Phone 7920 Design and Deployment Guide.
Securing Voice Communications
Because all WLAN devices that are within range can receive all other wireless LAN traffic, securing voice communications is critical. To ensure that voice traffic is not manipulated or intercepted by intruders, the Cisco Wireless IP Phone 7920 and Cisco Aironet Access Points are supported in the overall Cisco SAFE Security architecture.
To secure voice communications, wireless networks use authentication and encryption methods. Wired Equivalent Privacy (WEP) is the method that was first introduced for wireless security, but this method is easily compromised. To address the security problems and weaknesses of WEP, the WiFi Alliance defined Wireless Protected Access (WPA.)
Wi-Fi Protected Access is a standards-based, interoperable security enhancement that increases the level of data protection and access control for existing and future wireless LAN systems. It is derived from and will be forward-compatible with the upcoming IEEE 802.11i standard. WPA leverages Temporal Key Integrity Protocol (TKIP) for data protection and 802.1X for authenticated key management.
Through stronger encryption algorithms, stronger authentication, and rapid key updates, WPA has significantly improved security compared to WEP. Wireless clients, such as wireless IP phones, can authenticate at either the access point or with the network by using a centralized remote authentication dial-in user service (RADIUS) server.
The Cisco Wireless IP telephony solution provides the following additional security areas:
•
•
Related Topics
•
•
Components of the VoIP Wireless Network
The Cisco Wireless IP Phone 7920 must interact with several network components in the wireless local area network (WLAN) to successfully place and receive calls.
The following topics provide an overview of the network components:
•
•
•
•
•
•
•
Networking Protocols Used with Cisco Wireless IP Phones
Cisco IP Phones support several industry-standard and Cisco networking protocols for voice communication. Table 2-1 provides an overview of the networking protocols that the Cisco Wireless IP Phone 7920 supports.
Related Topics
•
•
Interacting with the Cisco Aironet Access Point
Wireless voice devices use the same access points as wireless data devices. However, voice traffic over a WLAN requires different equipment configurations and layouts than a WLAN that is used exclusively for data traffic. Data transmission can tolerate a higher level of RF noise, packet loss, and channel contention than voice transmission. Packet loss while searching a web page might cause the page to display slowly and might annoy the end user. However, packet loss during voice transmission can cause choppy or broken audio and make the phone call inaudible.
Wireless voice users are mobile and can roam across a campus or between floors in a building while they are connected to a call. Alternately, data users might move their PC to another location, but they reconnect at the new location. The ability to roam while maintaining voice session continuity is one of the advantages of wireless voice; therefore, RF coverage needs to include areas not usually covered for data, such as stairwells, elevators, quiet corners outside conference rooms, and passage ways.
To assure good voice quality and optimal RF signal coverage, you must perform a site survey that determines settings suitable to wireless voice. The survey results provide information for the design and layout of the WLAN for voice; for example, power levels, channel assignments, and access point placement. For more information about the site survey, refer to the Cisco Wireless IP Phone 7920 Design and Deployment Guide.
After deploying and using wireless voice, you should continue to perform post installation site surveys to verify that the locations of the access points and their configuration continues to meet the needs of your wireless voice users. When you add a group of new users or install more equipment or stack large amounts of inventory, you are changing the wireless environment. You must verify that the access point coverage is still adequate for optimal voice communications. See the "Performing a Site Survey Verification" section for more information.
Associating to an Access Point
At startup, the Cisco Wireless IP Phone 7920 uses its radio to scan for access points with Service Set Identifiers (SSIDs) and encryption types that it recognizes. The phone builds and maintains a list of eligible access point targets and uses the following two variables to determine the best access point with which to associate.
•
•
The Cisco Wireless IP Phone associates with the access point with the highest RSSI and lowest channel utilization values (QBSS) that have matching SSID and encryption types.
Related Topics
•
•
•
Roaming in a Wireless Network
Cisco Wireless IP Phone users have the ability to move from one location in the premises to another while conversing on the phone. Unlike cellular phones that have broad coverage, the coverage area for the Cisco Wireless IP Phone is smaller; therefore, phone users must roam from one access point to another more frequently. To understand some of the limitations of roaming with wireless IP phones, the following examples provide information about roaming in the WLAN.
•
•
If the Cisco Wireless IP Phone user moves from an access point that covers IP Subnet A to an access point that covers IP Subnet B, the phone no longer has an IP address or gateway that is valid within the new subnet and the call can disconnect.
With the release of the Cisco Catalyst 6500 Series Wireless LAN Services Module (WLSM), the Cisco Wireless IP Phone 7920 now supports Layer 3 roaming. For details about the Cisco WLSM, refer to the product documentation available at:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/wlsm_1_1/index.htm
•
http://www.cisco.com/en/US/products/hw/wireless/ps4570/prod_technical_reference09186a00801c5223.html
To solve this issue, CCKM, a centralized key management protocol, provides a cache of session credentials on the wireless domain server (WDS). As the phone roams from one access point to the next, CCKM compresses the number of message exchanges during roaming by providing a master key stored on the WDS for the access point to use. The reassociation exchange is reduced to two messages, thereby reducing the roaming time.
Related Topics
•
•
•
Voice Quality in a Wireless Network
Voice traffic on the Wireless LAN, like data traffic, is susceptible to delay, jitter, and packet loss. These issues do not impact the data end user, but have serious implications for a voice call. To ensure that voice traffic receives timely and reliable treatment with low delay and low jitter, you must use Quality of Service (QoS), and use separate virtual LANs (VLANs) for voice and data. By isolating the voice traffic onto a separate VLAN, you can use QoS to provide priority treatment for voice packets when traveling across the network. You need the following VLANs on the network switches and the access points that support voice connections on the WLAN.
•
•
Assign separate SSIDs to the voice and to the data VLANs. You can also configure a separate management VLAN in the WLAN, but do not associate an SSID with the management VLAN.
By separating the phones onto a voice VLAN and marking voice packets with higher CoS, you can ensure that voice traffic gets priority treatment over data traffic.You can management traffic resulting in lower delay and fewer lost packets.
For more information, refer to the Cisco Wireless IP Phone 7920 Design and Deployment Guide.
Related Topics
•
•
•
Security Mechanisms in the Wireless Network
Before a wireless device can communicate on the network, it must authenticate with the access point or the network by using an authentication method. The Cisco Wireless IP Phone 7920 can use these authentication methods in the WLAN:
•
•
Shared key authentication can be less secure than open authentication with WEP because someone can monitor the challenges. An intruder can calculate the WEP key by comparing the unencrypted and encrypted challenge text strings.
•
•
Cisco LEAP is a proprietary authentication protocol that requires a LEAP-compliant RADIUS server. LEAP allows wireless devices to mutually authenticate by using a username and password through a centralized RADIUS server user database.
When a Cisco Wireless IP Phone roams from one access point to another, the next access point requires LEAP authentication, also. The voice stream will not flow until the LEAP authentication is completed at the next access point through the centralized RADIUS server.
To reduce the amount of delay between the access point and the RADIUS server, carefully plan where to locate the RADIUS server. A local RADIUS server introduces less delay during roaming than a remote RADIUS server. Small, remote offices can use a RADIUS server on the Cisco access point to authenticate up to 50 users.
Authenticated Key Management
The following authentication schemes use the RADIUS server to manage authentication keys:
•
•
With WPA and CCKM, encryption keys are not entered on the phone , but are automatically derived between the access point and phone. But the LEAP username and password that are used for authentication must be entered on each phone.
Encryption Methods
To ensure that voice traffic is secure, the Cisco Wireless IP Phone 7920 supports Wired Equivalent Privacy (WEP) and Temporal Key Integrity Protocol (TKIP) for encryption. When you use either mechanism for encryption, both the signaling (SCCP) packets and voice (RTP) packets are encrypted between the access point and the Cisco Wireless IP Phone.
•
LEAP and CCKM authentication can use WEP keys for encryption. The RADIUS server manages the WEP key and passes a unique key to the access point after authentication for encrypting all voice packets; consequently, these WEP keys can change with each authentication.
•
Note
Choosing Authentication and Encryption Methods
Authentication and encryption schemes are setup within the wireless LAN. VLANS are configured in the network and on the access points and specify different combinations of authentication and encryption. An SSID is associated with a VLAN and its particular authentication and encryption scheme. In order for wireless client devices to authenticate successfully, you must configure the same SSIDs with their authentication and encryption scheme requirements on the access points and on the wireless client devices, such as the Cisco Wireless IP Phone.
Some authentication schemes require specific types of encryption. With Open authentication, you have the option to use static WEP for encryption and added security. But if you are using Shared Key authentication, you must set static WEP for encryption, and you must configure the WEP key on the phone.
When using Authenticated Key Management (AKM) for the Cisco Wireless IP Phone 7920, several choices for both authentication and encryption can be set up on the access points with different SSIDs. When the Cisco Wireless IP Phone attempts to authenticate, it chooses the access point that advertises the authentication and encryption scheme that the phone can support. AKM can authenticate by using WPA Pre-shared key, WPA, or CCKM.
When you set up AKM on the phone, the access point can provide the encryption key when using WPA Pre-shared key or the key can be configured on the phone when using WEP. When using AKM, encryption options include WPA Pre-shared key, TKIP for WPA authentication, and TKIP or WEP for CCKM authentication.
For more information about authentication and encryption schemes and how they are configured, refer to the Cisco Aironet Configuration Guide for your model and release at this URL:
Table 2-2 provides a list of authentication and encryption schemes configured on the Cisco Aironet Access Points supported by the Cisco Wireless IP Phone 7920. The table shows the network configuration option for the phone that corresponds to the access point configuration.
I
Related Topics
•
•
•
Interacting with Cisco CallManager
Cisco CallManager is the call control component in the network that handles and routes calls for the Cisco Wireless IP Phone 7920. Cisco CallManager manages the components of the IP telephony system—the phones, access gateways, and the resources—for such features as call conferencing and route planning. You must use Cisco CallManager Release 3.3(3) SR1 or later for wireless voice deployments.
Before Cisco CallManager can recognize a phone, it must register with Cisco CallManager and be configured in the database. For information about setting up phones in Cisco CallManager, see the "Configuring IP Phones in Cisco CallManager" section.
You can find more information about configuring Cisco CallManager to work with the IP phones and IP devices in the Cisco CallManager Administration Guide and Cisco CallManager System Guide.
Related Topics
•
•
Phone Configuration Files and Profile Files
Configuration files for a phone define parameters for connecting to Cisco CallManager and are stored on the TFTP server. In general, any time you make a change in Cisco CallManager Administration that requires resetting the phone, the phone configuration file changes automatically.
Configuration files also contain information about the correct image load for the phone. If this image load differs from the one currently loaded on a phone, the phone contacts the TFTP server to request the new image file.
The phone first requests the configuration file SEPxxxxxxxxxxxx.cnf.xml, where each xx is the two-digit lowercase hexadecimal representation of each integer in the phone's MAC address. If the phone cannot find this file, it requests the configuration file XMLDefault.cnf.xml.
After the phone obtains the *.cnf.xml files, it requests a phone-specific profile file. If a phone cannot find this profile file, it requests the appropriate common profile file.
After the phone finds one of the profile files, or if it cannot find a profile file, it continues with its startup process.
Related Topic
•
Interacting with the DHCP Server
Dynamic Host Configuration Protocol (DHCP) is a communications protocol that lets network administrators manage and automate the assignment of Internet Protocol (IP) addresses in a network. When an IP device is added to the network, it must have a unique IP address. Without DHCP, the IP address must be entered manually at each device. DHCP allocates IP addresses dynamically and reuses IP addresses when devices no longer need them.
If DHCP is enabled in the network, the Cisco Wireless IP Phone 7920 uses the DHCP scope settings in the DHCP server to perform the phone provisioning bootup process. You must configure the settings of the DHCP server in the Cisco CallManager network.
The DHCP scope settings include the following:
•
•
•
The priority of the DHCP settings for the TFTP server is unique to the Cisco Wireless IP Phone 7920, as shown in Table 2-3.
Table 2-3 DHCP Settings Priority
1st
DHCP option 150
2nd
DHCP option 66
3rd
SIADDR
4th
ciscoCM1
If DHCP is disabled, the Cisco Wireless IP Phone 7920 uses the following network settings to perform the phone provisioning bootup process. You must configure these static parameters for each Cisco Wireless IP Phone 7920.
•
•
•
•
•
•
Wireless Network and Access Point Configuration
This section identifies key access point (AP) configuration options that are required for optimal voice performance. This is not a complete list of configuration steps or options for installing access points such as the Cisco Aironet Access Points. For more information about configuring your access point, refer to the appropriate installation and configuration guide for your model or the documentation for your access point.
When configuring a wireless voice LAN, use access points that run Cisco IOS Version 12.2(15)JA or later. The access points that run IOS include the following:
•
•
•
•
Table 2-4 explains and provides references for many of the configuration activities for the Cisco Aironet Access Point.
Related Topics
•
•
Understanding the Phone Startup Process
When connecting to the wireless VoIP network, the Cisco Wireless IP Phone 7920 goes through a standard startup process, as described in Table 2-5. Depending on your specific network configuration, not all of these steps may occur on your Cisco Wireless IP Phone.
Table 2-5 Cisco IP Phone Startup Process
1.
The Cisco Wireless IP Phone 7920 has non-volatile Flash memory in which it stores firmware images and user-defined preferences. At startup, the phone runs a bootstrap loader that loads a phone image stored in Flash memory. Using this image, the phone initializes its software and hardware.
Providing Power to the Cisco IP Phone
2.
The Cisco Wireless IP Phone 7920 scans the RF coverage area with its radio. The phone scans its network profiles and searches for access points that have a matching SSID and authentication type. The phone associates with the access point with the highest RSSI and lowest channel utilization (QBSS) that matches with its network profile.
Interacting with the Cisco Aironet Access Point
3.
The Cisco Wireless IP Phone 7920 begins the authenticating process.
•
•
•
•
–
–
Security Mechanisms in the Wireless Network
4.
If the Cisco Wireless IP Phone is using DHCP to obtain an IP address, the phone queries the DHCP server to obtain one. If you are not using DHCP in your network, you must assign a static IP address to each phone locally.
In addition to assigning an IP address, the DHCP server directs the Cisco Wireless IP Phone to a TFTP server. If the phone has a statically defined IP address, you must configure the TFTP server IP address locally on the phone; the phone then contacts the TFTP server directly.
5.
The Cisco Wireless IP Phone checks to verify that the proper firmware is installed or if new firmware is available to download.
Cisco CallManager informs devices using .cnf or .cnf.xml format configuration files of their load ID. Devices using .xml format configuration files receive the load ID in the configuration file.
6.
The TFTP server has configuration files and profile files. A configuration file includes parameters for connecting to Cisco CallManager and information about which image load a phone should be running. A profile file contains various parameters and values for phone and network settings.
•
7.
The configuration file defines how the Cisco IP Phone communicates with Cisco CallManager. After obtaining the file from the TFTP server, the phone attempts to make a TCP connection to the highest priority Cisco CallManager on the list.
•
8.
If the phone was manually added to the database, Cisco CallManager identifies and registers the phone. If the phone was not manually added to the database and auto-registration is enabled in Cisco CallManager, the phone attempts to auto-register itself in the Cisco CallManager database.
•
Related Topics
•
