Cisco Systems 7920 User Manual 2

Configuring the Cisco 7920 Wireless IP Phone with WEP Keys, VLANs, and LEAP
Document ID: 43622
Introduction Prerequisites
Requirements Components Used Related Products Conventions Background Theory Network Diagram
Using Open Authentication and Static WEP Keys
Configuring the Cisco 7920 Configuring the Cisco Aironet 1200 AP
Using Open Authentication, Static WEP Keys, and VLANs
Configuring the Cisco 7920 Configuring the Cisco Aironet 1200 AP with a VLAN Configuring 802.1Q Trunking on the Catalyst 2924 XL Configuring the Inter−VLAN Router
Using Cisco LEAP
Configuring the Cisco 7920 Configuring the Cisco Aironet 1200 AP for LEAP Configuring the Cisco Secure Server for LEAP
Troubleshooting Guidelines
Cisco 7920 Exhibits Problems After Configuration Changes Cisco 7920 Error Message − Association Failed, No AP Found Cisco 7920 Error Message − No Service IP Config Failed Cisco 7920 Error Message − Registration Rejected Cisco 7920 Error Message − Connecting to CallManager 0−5 Cisco 7920 Configuration Utility Can Not Connect to 7920 − Connection Busy LEAP Authentication Fails General Troubleshooting Hints
Appendix: Configuring the Cisco 7920 with CallManager Related Information
Introduction
This document explains how to configure the Cisco 7920 Wireless IP Phone (Cisco 7920) in common network scenarios. It starts with the most basic configuration required to implement a Cisco 7920. It goes on to explain the next level of complexity, which is the use of VLANs. The final level of complexity is the use of Cisco Secure Access Control Server (ACS) for security. The goal of this document is to provide the reader with a single document that covers the basic tasks required to implement a Cisco 7920 in a lab environment, so that the user can use these skills to implement a Cisco 7920 in a live environment. The reason that this document is targeted at a lab environment is that it is impossible to cover, in a single document, all of the possible permutations of equipment and features that are available to implement a Cisco 7920 in a live environment.
The Cisco 7920 is the first Cisco product to combine Voice over IP (VoIP) technology, Wireless LAN (WLAN) technology, Quality of Service (QoS), and Access/Authentication/Authorization (AAA) security. In
order to successfully implement and support the Cisco 7920, system administrators must become familiar with all of these technology areas.
This document was created primarily for readers who have limited experience with one or more of the products and technologies required to install and configure a Cisco 7920 IP Phone. It will also benefit readers that have a great deal of experience in some of the areas but not others.
QoS is not covered in this document, because it is not required that you implement QoS to bring a Cisco 7920 online to place calls. The QoS (Quality of Service) Technical Support page contains links to several very good documents about the implementation of QoS in VoIP environments.
This document also provides some troubleshooting guidelines. It is not intended to be a complete manual to install, configure, or troubleshoot the Cisco 7920 or any of the other components that are used in this document. The related documents that contain more detailed instructions are referenced in the subsequent sections, as appropriate.
WLAN infrastructure devicessuch as the Cisco Aironet 350 Series Access Point (AP) or the Cisco Aironet 1200 Series APtreat the Cisco 7920 the same as any other wireless 802.11b client. Cisco CallManager treats the Cisco 7920 like any other Cisco 7960 IP Phone. You can use the knowledge and skills that you already have in these areas when you install, configure, and troubleshoot a Cisco 7920.
Prerequisites
Requirements
This document assumes that you have an operational Cisco CallManager 3.2 or later, a Catalyst switch that supports 802.1Q VLANs, and a Cisco Secure ACS (if you are going to do Light Extensible Authentication Protocol [LEAP]). It is also assumed that you have some experience with these products.
Though it is not required, it is helpful to confirmwith a PC or another wireless data clientthat your wireless configuration can connect over the Cisco Aironet AP to an IP device on the other side of the AP.
Components Used
The information in this document is based on these software and hardware versions:
Cisco 7920 Wireless IP Phone Cisco 7960 IP Phone Cisco CallManager 3.3(3) Catalyst 2924 XL version 12.0(5)WC5a Cisco 2651 Router version 12.2(15)T Cisco 1200 Series AP version 12.2(13)JA4 Cisco Secure ACS Release 3.2
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Related Products
You can substitute any Catalyst Switch that supports 802.1Q trunking. If it is based on Cisco IOS® Software (similar to a 2900 XL), then the configuration examples in this document should work. If it is based on Catalyst OS, then you have to convert the examples as required.
You can substitute any Aironet Wireless device that supports 802.11b clients. The Cisco Aironet 1200 AP examples provide some guidelines for how you should configure your Aironet device.
Conventions
For more information on document conventions, refer to the Cisco Technical Tips Conventions.
Background Theory
The Cisco 7920 is supported by Cisco CallManager 3.2 and later. It is configured as a Cisco 7960 IP Phone in Cisco CallManager; however, it has its own image file. Wireless devices, such as the Cisco Aironet 1200 AP, treat the Cisco 7920 like a typical wireless client.
If you are not already familiar with Wireless Security issues and best practices, refer to Wireless LAN Security White Paper before you proceed with a live installation of a Cisco 7920.
You should be familiar with the basic administrative and user tasks for the Cisco 7920. The Cisco 7920 documentation is available in the Products and Services area of Cisco.com.
If you have not already configured the Cisco 7920 or any other Cisco IP Phone on your Cisco CallManager server, see the Appendix: Configuring the Cisco 7920 with CallManager section of this document before you begin. Add the additional IP phone at this time as well: it is required to perform VoIP test calls to and from the Cisco 7920.
Tip: When you use the USB cable that is provided with the Cisco 7920 to configure it with the Cisco 7920 PC−based Configuration Utility, the Cisco 7920 appears as a network device on the PC. Any time that the Cisco 7920 is connected to the PC through the USB cable, you can see that this connection exists. On the PC, choose Start > Settings > Networking and Dial Up Connections. One of the connections is the Cisco 7920. Do not make any changes to it. It is only used by the Cisco 7920 Configuration Utility through the USB port. When you disconnect the Cisco 7920 from the PC, this interface disappears from your Networking and Dial Up Connections until the next time that you connect it. Issue the ipconfig /all command (from a command prompt on your PC) to view the IP settings used by the Cisco 7920 USB connection.
If you are not already familiar with the text editing mode for the Cisco 7920, consider these points:
The asterisk (*) toggles between lower and upper case characters. The hash (#) allows you to enter Special Characters. Press the Back key to exit Special Character
mode. Press the Clear key to delete the previous character. The large buttons with white arrows move the cursor left and right. To enter a character, press the number button with the character that you want to use. Keep pressing
the button until the character shows up.
For example, to enter the letter z press the 9 key four times. To enter the letter Z, press the asterisk first then press the 9 key four times.
Once the character that you want is displayed, wait for a few seconds. The cursor will move to the right of the last character that you entered. To enter a number keep pressing the button until the number appears.
Network Diagram
This document uses this network setup:
Using Open Authentication and Static WEP Keys
If you want to learn more about Wireless Security before you start this section, refer to these documents:
Cisco Aironet Wireless LAN Security Overview Security Setup for the Cisco Aironet 350 Wireless Virtual LAN Deployment Guide
This example is based on the use of open authentication and 128−bit static Wired Equivalent Privacy (WEP) encryption keys.
Caution: It is not recommended to use Shared Key authentication because it is very easy to
compromise.
This task guides you through a very basic Cisco 7920 and Cisco Aironet 1200 AP configuration. This configuration allows the Cisco 7920 to authenticate and associate with the 1200 AP. When you are done, the Cisco 7920 should be able to register with the Cisco CallManager server.
Note: When you are using open authentication, the Cisco Aironet 1200 AP will authenticate all devices that send it authentication requests. However, only devices with the correct WEP encryption keys will be able to associate with the 1200 AP and to send traffic over it successfully.
Configuring the Cisco 7920
This subtask assumes that you have already installed the Cisco 7920 Configuration Utility that came with your Cisco 7920. If you have not yet installed this utility, stop and do so now. The instructions for the installation are included with your Cisco 7920.
Step−by−Step Instructions
The instructions in this section guide you through the minimum configuration steps that are required to enable a Cisco 7920 with a static WEP key.
Turn on the Cisco 7920.1. Choose Menu > Phone Settings > USB Enable / Disable [Enable] to enable the Cisco 7920 USB
2. port. Connect the Cisco 7920 to the USB cable. (The USB cable should already be connected to the PC.)3. Start the Cisco 7920 Configuration Utility on the PC.
4.
Note: If you use Cisco Wireless IP Phone 7920 Firmware Release 2.0, use Cisco 7920 Configuration Utility 2.0. If you use an earlier firmware version on the phones, then you must use an earlier version of the Configuration Utility. Cisco 7920 Configuration Utility 2.0 can be download from Cisco 7920 Wireless Phone Software Downloads ( Log in to the Cisco 7920.
5.
registered customers only
) .
The default User Name is Admin. The default Password is cisco. Click OK.
When this popup window appears, click OK:6.
Choose Edit > Settings Wizard.7.
When this popup window appears, click Cancel:8.
Click Import to obtain the current settings on the Cisco 7920.9.
When this popup window appears, click OK.10.
Click the System Parameters tab.
11.
The System Parameters configuration screen appears. In this case, the Cisco 7920 is using Dynamic Host Configuration Protocol (DHCP) to obtain its IP parameters, including the TFTP address (Cisco CallManager server).
Make any changes that your phone requires.12. Click the RF Network tab.
13.
The RF Network configuration screen appears.
Enter the Primary Service Set Identifier (SSID) for the Cisco Aironet 1200 AP. (You will be
14. configuring this value in the 1200 AP in the next subtask.) Leave the Transmit Power and the Data Rate set to their default values. Click the Network Security tab.15.
The Network Security configuration screen appears. This is the screen where you enter the Authentication Type and the static WEP keys. The 128−bit WEP keys are created using 26 hexadecimal digits (1−9, A−F).
Note: The static WEP keys must be the same on the Cisco 7920 and on the wireless infrastructure devices in your network (in this case, the Cisco Aironet 1200 AP). You might want to keep a copy of them in a document in a secure location; once they are entered into a device, you can not determine what the key is from the device itself. If you do not have a record of them, you will have to create new keys when you add a new device or reconfigure an existing device.
Note: The Cisco 7920 supports up to four static WEP keys. Only one static WEP key is required.
Caution: Client devices that do not use Extensible Authentication Protocol (EAP) must contain
the Access Points transmit key in the same key slot in the client devices WEP key lists. However, the key does not need to be selected as the transmit key in the clients WEP key list. If the transmit keys are in different slots, then your Cisco 7920 will not be able to communicate with the Cisco Aironet 1200 AP. Enter at least one WEP key (in this case, 1234567890abcdef0987654321).
16.
Note: This sample configuration only uses one WEP key. Your live network may require more. Click the Phone Settings tab.17. The Phone Settings configuration screen appears. Configure the Cisco Discovery Protocol (CDP)
18. parameters as shown in the next image. Enter the messages as appropriate.
Note: The Phone Lock Password tab is not covered in this document. Refer to the Cisco 7920 Administrator Guide for more information on this tab. Click Export and the next popup window appears. It is not required that you save the settings to a
19. local file; but, if you would like to do so, click OK and then continue with the rest of this procedure.
Note: The static WEP keys are not saved in the configuration file. If you reset a phone to the factory defaults, you can not just download the configuration to completely reconfigure it. You will still have to re−enter the static WEP keys. When this popup window appears, click OK:20.
Choose Connection > Logout.21.
When this popup window appears, click Yes:22.
When this popup window appears, click OK:23.
Choose File > Exit. The next popup window appears. If you want to save the Log History, click Yes
24. and save it to disk. Otherwise, click No.
Right−click the USB icon on the taskbar.25.
Select Cisco 7920 USB and click Stop.26.
When this popup window appears, click OK:27.
When this popup window appears, click OK:28.
Choose Menu > Phone Settings > USB Enable / Disable [Disable] to disable the Cisco 7920 USB
29. port.
Verifying
There are no steps to verify this part of the configuration. It can be verified at the end of the next subtasks.
Troubleshooting
All of the troubleshooting guidelines can be found in the Troubleshooting Guidelines section at the end of this document.
Configuring the Cisco Aironet 1200 AP
The instructions in this section describe the minimum configuration steps to enable a Cisco Aironet 1200 AP with static WEP keys. This will allow the Cisco 7920 to access the LAN and to register with a Cisco CallManager server.
Step−by−Step Instructions
Tip: Right−click the Back button on your browser to quickly return to a previous page in the Cisco Aironet 1200 AP management pages.
Load the Cisco Aironet 1200 AP administration page into your browser with the address
1.
http://1200ap−ip−address . Use the left navigation bar to configure the Access Point.
2.
Choose Security > SSID Manager.a. On the SSID Properties page, select <NEW> in the Current SSID List and enter the SSID in
b.
the SSID field.
For the purpose of the configuration, the SSID is kormakur. It should be the same one that you previously entered in the Cisco 7920.
To edit the SSID, select the required one from the Current SSID List and edit it.
3.
Because the configuration requires the use of Open Authentication, check Open Authentication in the Authentication Settings area (it is checked by default, if you have not changed it).
Click Apply−All to apply the SSID and the Authentication settings for all of the Radio interfaces; or
4.
click Apply−Radio0 to apply the settings only to Radio0.
When this popup warning appears, click OK:5.
Choose Security > Encryption Manager to configure the WEP keys.
6.
In the Encryption Modes area, click the WEP Encryption radio button, and select
a.
Mandatory. Click the Encryption Key 1 radio button to set it as the Transmit Key, and enter the same
b.
WEP key that you entered in the Cisco 7920 (in this case, 1234567890abcdef0987654321).
Note: The WEP key input appears as asterisks. This is normal behavior.
For more information on the configuration of WEP keys, refer to Configuring WEP and WEP Features. Leave the Key Size set to the default value (128 bit).c. Click Apply−Radio0 or Apply−All (as appropriate) to save the settings.d.
When this popup warning appears, click OK:7.
Verifying
This section helps you to verify the association of the Cisco 7920 with the Cisco Aironet 1200 AP and with the CallManager.
If you entered all of the settings correctly, the Cisco 7920 should have associated and authenticated
1. with the Cisco Aironet 1200 AP.
This appears on the Association page.
Note: You may have to refresh the page.
If the Cisco CallManager configuration is correct, the Cisco 7920 should have registered with the
2. CallManager server. You should now be able to place calls between the Cisco 7920 and your other IP Phone.
Troubleshooting
All of the troubleshooting guidelines can be found in the Troubleshooting Guidelines section at the end of this document.
Using Open Authentication, Static WEP Keys, and VLANs
This task adds support for VLANs, to build on the previous task. The implementation of VLANs requires configuration changes on the Cisco 7920 and on the Cisco Aironet 1200 AP. The 1200 AP can be configured with different SSIDs for each VLAN. For example, you can use VLAN1 as the SSID for VLAN1 and VLAN2 as the SSID for VLAN2. The Cisco 7920 uses its SSID to determine which VLAN that it should use. If you want the Cisco 7920 to use VLAN2 then you would configure its SSID to VLAN2.
In this example, VLAN1 is the default VLAN. The Cisco 7920 will be configured to use VLAN2, and then VLAN2 will be added to the Cisco Aironet 1200 AP.
Configuring the Cisco 7920
Note: This task uses the same WEP key that was used in the first task. Therefore, it does not include the instructions to establish the WEP key on the Cisco 7920.
This task assumes that you are using DHCP to obtain the correct IP address and default gateway for the Cisco
7920. You must also configure your DHCP server with a scope for the new VLAN. Refer to Using One DHCP Server for Voice and Data Networks for more information on DHCP. If you use a static IP address and default gateway address, then you must change the current IP address on the System Parameters tab in the Cisco 7920 Configuration Utility to a legitimate address on the new subnet, before you export the new configuration to the Cisco 7920. Change the IP address between Steps 11 and 12 in the next procedure.
Step−by−Step Instructions
The instructions in this section guide you through the minimum steps that are required to configure the Cisco IP Phone 7920 to use VLAN2s SSID.
Turn on the Cisco 7920.1. Choose Menu > Phone Settings > USB Enable / Disable [Enable] to enable the Cisco 7920 USB
2. port. Connect the Cisco 7920 to the USB cable. (The USB cable should already be connected to the PC.)3. Start the Cisco 7920 Configuration Utility.4. Log in to the Cisco 7920.
5.
The default User Name is Admin. The default Password is cisco. Click OK.
When this popup window appears, click OK:6.
Choose Edit > Settings Wizard.7.
Loading...
+ 37 hidden pages