Only WPA(TKIP) and 802.1X(WEP) support CCKM.Note
Encryption Methods
To ensure that voice traffic is secure, the Cisco Desktop Collaboration Experience supports WEP, TKIP, and
Advanced Encryption Standards (AES) for encryption. When these mechanisms are used for encryption, both
the signaling Skinny Client Control Protocol (SCCP) packets and voice Real-Time Transport Protocol (RTP)
packets are encrypted between the AP and the Cisco Desktop Collaboration Experience.
WEP
When WEP is used in the wireless network, authentication happens at the AP by using open or shared-key
authentication. The WEP key that is set up on the phone must match the WEP key that is configured
at the AP for successful connections. The Cisco Desktop Collaboration Experience DX600 Series
phones support WEP keys that use 40-bit encryption or a 128-bit encryption and remain static on the
phone and AP.
EAP and CCKM authentication can use WEP keys for encryption. The RADIUS server manages the
WEP key and passes a unique key to the AP after authentication for encrypting all voice packets;
consequently, these WEP keys can change with each authentication.
TKIP
WPA and CCKM use TKIP encryption, which has several improvements over WEP. TKIP provides
per-packet key ciphering and longer initialization vectors (IVs) that strengthen encryption. In addition,
a message integrity check (MIC) ensures that encrypted packets are not being altered. TKIP removes
the predictability of WEP that helps intruders decipher the WEP key.
AES
An encryption method used for WPA2 authentication. This national standard for encryption uses a
symmetrical algorithm that has the same key for encryption and decryption. AES uses Cipher Blocking
Chain (CBC) encryption of 128 bits in size, which supports key sizes of 128, 192 and 256 bits, as a
minimum. The Cisco Desktop Collaboration Experience DX600 Series phones support a key size of
256 bits.
The Cisco Desktop Collaboration Experience does not support Cisco Key Integrity Protocol (CKIP) with
CMIC.
Note
For more information about encryption methods, see the “Wireless Security” section in the Cisco Desktop
Collaboration Experience DX600 Series Wireless LAN Deployment Guide.
AP Authentication and Encryption Options
Authentication and encryption schemes are set up within the wireless LAN. VLANs are configured in the
network and on the APs and specify different combinations of authentication and encryption. An SSID
associates with a VLAN and the particular authentication and encryption scheme. In order for wireless client
Cisco Desktop Collaboration Experience DX650 Administration Guide, Release 10.1(1)
91
Security for Voice Communications in WLANs
To Next Page
Loading...
Need help?
General
