Configuring the Cisco 7920 Wireless IP Phone with
WEP Keys, VLANs, and LEAP
Document ID: 43622
Introduction
Prerequisites
Requirements
Components Used
Related Products
Conventions
Background Theory
Network Diagram
Using Open Authentication and Static WEP Keys
Configuring the Cisco 7920
Configuring the Cisco Aironet 1200 AP
Using Open Authentication, Static WEP Keys, and VLANs
Configuring the Cisco 7920
Configuring the Cisco Aironet 1200 AP with a VLAN
Configuring 802.1Q Trunking on the Catalyst 2924 XL
Configuring the Inter−VLAN Router
Using Cisco LEAP
Configuring the Cisco 7920
Configuring the Cisco Aironet 1200 AP for LEAP
Configuring the Cisco Secure Server for LEAP
Troubleshooting Guidelines
Cisco 7920 Exhibits Problems After Configuration Changes
Cisco 7920 Error Message − Association Failed, No AP Found
Cisco 7920 Error Message − No Service IP Config Failed
Cisco 7920 Error Message − Registration Rejected
Cisco 7920 Error Message − Connecting to CallManager 0−5
Cisco 7920 Configuration Utility Can Not Connect to 7920 − Connection Busy
LEAP Authentication Fails
General Troubleshooting Hints
Appendix: Configuring the Cisco 7920 with CallManager
Related Information
Introduction
This document explains how to configure the Cisco 7920 Wireless IP Phone (Cisco 7920) in common
network scenarios. It starts with the most basic configuration required to implement a Cisco 7920. It goes on
to explain the next level of complexity, which is the use of VLANs. The final level of complexity is the use of
Cisco Secure Access Control Server (ACS) for security. The goal of this document is to provide the reader
with a single document that covers the basic tasks required to implement a Cisco 7920 in a lab environment,
so that the user can use these skills to implement a Cisco 7920 in a live environment. The reason that this
document is targeted at a lab environment is that it is impossible to cover, in a single document, all of the
possible permutations of equipment and features that are available to implement a Cisco 7920 in a live
environment.
The Cisco 7920 is the first Cisco product to combine Voice over IP (VoIP) technology, Wireless LAN
(WLAN) technology, Quality of Service (QoS), and Access/Authentication/Authorization (AAA) security. In
order to successfully implement and support the Cisco 7920, system administrators must become familiar with
all of these technology areas.
This document was created primarily for readers who have limited experience with one or more of the
products and technologies required to install and configure a Cisco 7920 IP Phone. It will also benefit readers
that have a great deal of experience in some of the areas but not others.
QoS is not covered in this document, because it is not required that you implement QoS to bring a Cisco 7920
online to place calls. The QoS (Quality of Service) Technical Support page contains links to several very good
documents about the implementation of QoS in VoIP environments.
This document also provides some troubleshooting guidelines. It is not intended to be a complete manual to
install, configure, or troubleshoot the Cisco 7920 or any of the other components that are used in this
document. The related documents that contain more detailed instructions are referenced in the subsequent
sections, as appropriate.
WLAN infrastructure devicessuch as the Cisco Aironet 350 Series Access Point (AP) or the Cisco Aironet
1200 Series APtreat the Cisco 7920 the same as any other wireless 802.11b client. Cisco CallManager treats
the Cisco 7920 like any other Cisco 7960 IP Phone. You can use the knowledge and skills that you already
have in these areas when you install, configure, and troubleshoot a Cisco 7920.
Prerequisites
Requirements
This document assumes that you have an operational Cisco CallManager 3.2 or later, a Catalyst switch that
supports 802.1Q VLANs, and a Cisco Secure ACS (if you are going to do Light Extensible Authentication
Protocol [LEAP]). It is also assumed that you have some experience with these products.
Though it is not required, it is helpful to confirmwith a PC or another wireless data clientthat your wireless
configuration can connect over the Cisco Aironet AP to an IP device on the other side of the AP.
Components Used
The information in this document is based on these software and hardware versions:
Cisco 7920 Wireless IP Phone•
Cisco 7960 IP Phone•
Cisco CallManager 3.3(3)•
Catalyst 2924 XL version 12.0(5)WC5a•
Cisco 2651 Router version 12.2(15)T•
Cisco 1200 Series AP version 12.2(13)JA4•
Cisco Secure ACS Release 3.2•
The information in this document was created from the devices in a specific lab environment. All of the
devices used in this document started with a cleared (default) configuration. If your network is live, make sure
that you understand the potential impact of any command.
Related Products
You can substitute any Catalyst Switch that supports 802.1Q trunking. If it is based on Cisco IOS® Software
(similar to a 2900 XL), then the configuration examples in this document should work. If it is based on
Catalyst OS, then you have to convert the examples as required.
You can substitute any Aironet Wireless device that supports 802.11b clients. The Cisco Aironet 1200 AP
examples provide some guidelines for how you should configure your Aironet device.
Conventions
For more information on document conventions, refer to the Cisco Technical Tips Conventions.
Background Theory
The Cisco 7920 is supported by Cisco CallManager 3.2 and later. It is configured as a Cisco 7960 IP Phone in
Cisco CallManager; however, it has its own image file. Wireless devices, such as the Cisco Aironet 1200 AP,
treat the Cisco 7920 like a typical wireless client.
If you are not already familiar with Wireless Security issues and best practices, refer to Wireless LAN
Security White Paper before you proceed with a live installation of a Cisco 7920.
You should be familiar with the basic administrative and user tasks for the Cisco 7920. The Cisco 7920
documentation is available in the Products and Services area of Cisco.com.
If you have not already configured the Cisco 7920 or any other Cisco IP Phone on your Cisco CallManager
server, see the Appendix: Configuring the Cisco 7920 with CallManager section of this document before you
begin. Add the additional IP phone at this time as well: it is required to perform VoIP test calls to and from
the Cisco 7920.
Tip: When you use the USB cable that is provided with the Cisco 7920 to configure it with the Cisco 7920
PC−based Configuration Utility, the Cisco 7920 appears as a network device on the PC. Any time that the
Cisco 7920 is connected to the PC through the USB cable, you can see that this connection exists. On the PC,
choose Start > Settings > Networking and Dial Up Connections. One of the connections is the Cisco 7920.
Do not make any changes to it. It is only used by the Cisco 7920 Configuration Utility through the USB port.
When you disconnect the Cisco 7920 from the PC, this interface disappears from your Networking and Dial
Up Connections until the next time that you connect it. Issue the ipconfig /all command (from a command
prompt on your PC) to view the IP settings used by the Cisco 7920 USB connection.
If you are not already familiar with the text editing mode for the Cisco 7920, consider these points:
The asterisk (*) toggles between lower and upper case characters.•
The hash (#) allows you to enter Special Characters. Press the Back key to exit Special Character
•
mode.
Press the Clear key to delete the previous character.•
The large buttons with white arrows move the cursor left and right.•
To enter a character, press the number button with the character that you want to use. Keep pressing
•
the button until the character shows up.
For example, to enter the letter z press the 9 key four times. To enter the letter Z, press the
asterisk first then press the 9 key four times.
Once the character that you want is displayed, wait for a few seconds. The cursor will move to the
right of the last character that you entered. To enter a number keep pressing the button until the
number appears.
Network Diagram
This document uses this network setup:
Using Open Authentication and Static WEP Keys
If you want to learn more about Wireless Security before you start this section, refer to these documents:
Cisco Aironet Wireless LAN Security Overview•
Security Setup for the Cisco Aironet 350•
Wireless Virtual LAN Deployment Guide•
This example is based on the use of open authentication and 128−bit static Wired Equivalent Privacy (WEP)
encryption keys.
Caution: It is not recommended to use Shared Key authentication because it is very easy to
compromise.
This task guides you through a very basic Cisco 7920 and Cisco Aironet 1200 AP configuration. This
configuration allows the Cisco 7920 to authenticate and associate with the 1200 AP. When you are done, the
Cisco 7920 should be able to register with the Cisco CallManager server.
Note: When you are using open authentication, the Cisco Aironet 1200 AP will authenticate all devices that
send it authentication requests. However, only devices with the correct WEP encryption keys will be able to
associate with the 1200 AP and to send traffic over it successfully.
Configuring the Cisco 7920
This subtask assumes that you have already installed the Cisco 7920 Configuration Utility that came with
your Cisco 7920. If you have not yet installed this utility, stop and do so now. The instructions for the
installation are included with your Cisco 7920.
Step−by−Step Instructions
The instructions in this section guide you through the minimum configuration steps that are required to enable
a Cisco 7920 with a static WEP key.
Turn on the Cisco 7920.1.
Choose Menu > Phone Settings > USB Enable / Disable [Enable] to enable the Cisco 7920 USB
2.
port.
Connect the Cisco 7920 to the USB cable. (The USB cable should already be connected to the PC.)3.
Start the Cisco 7920 Configuration Utility on the PC.
4.
Note: If you use Cisco Wireless IP Phone 7920 Firmware Release 2.0, use Cisco 7920 Configuration
Utility 2.0. If you use an earlier firmware version on the phones, then you must use an earlier version
of the Configuration Utility. Cisco 7920 Configuration Utility 2.0 can be download from Cisco 7920
Wireless Phone Software Downloads (
Log in to the Cisco 7920.
5.
registered customers only
) .
The default User Name is Admin. The default Password is cisco. Click OK.
When this popup window appears, click OK:6.
Choose Edit > Settings Wizard.7.
When this popup window appears, click Cancel:8.
Click Import to obtain the current settings on the Cisco 7920.9.
When this popup window appears, click OK.10.
Click the System Parameters tab.
11.
The System Parameters configuration screen appears. In this case, the Cisco 7920 is using Dynamic
Host Configuration Protocol (DHCP) to obtain its IP parameters, including the TFTP address (Cisco
CallManager server).
Make any changes that your phone requires.12.
Click the RF Network tab.
13.
The RF Network configuration screen appears.
Enter the Primary Service Set Identifier (SSID) for the Cisco Aironet 1200 AP. (You will be
14.
configuring this value in the 1200 AP in the next subtask.) Leave the Transmit Power and the Data
Rate set to their default values.
Click the Network Security tab.15.
The Network Security configuration screen appears. This is the screen where you enter the
Authentication Type and the static WEP keys. The 128−bit WEP keys are created using 26
hexadecimal digits (1−9, A−F).
Note: The static WEP keys must be the same on the Cisco 7920 and on the wireless infrastructure
devices in your network (in this case, the Cisco Aironet 1200 AP). You might want to keep a copy of
them in a document in a secure location; once they are entered into a device, you can not determine
what the key is from the device itself. If you do not have a record of them, you will have to create new
keys when you add a new device or reconfigure an existing device.
Note: The Cisco 7920 supports up to four static WEP keys. Only one static WEP key is required.
Caution: Client devices that do not use Extensible Authentication Protocol (EAP) must contain
the Access Points transmit key in the same key slot in the client devices WEP key lists. However,
the key does not need to be selected as the transmit key in the clients WEP key list. If the transmit
keys are in different slots, then your Cisco 7920 will not be able to communicate with the Cisco
Aironet 1200 AP.
Enter at least one WEP key (in this case, 1234567890abcdef0987654321).
16.
Note: This sample configuration only uses one WEP key. Your live network may require more.
Click the Phone Settings tab.17.
The Phone Settings configuration screen appears. Configure the Cisco Discovery Protocol (CDP)
18.
parameters as shown in the next image. Enter the messages as appropriate.
Note: The Phone Lock Password tab is not covered in this document. Refer to the Cisco 7920
Administrator Guide for more information on this tab.
Click Export and the next popup window appears. It is not required that you save the settings to a
19.
local file; but, if you would like to do so, click OK and then continue with the rest of this procedure.
Note: The static WEP keys are not saved in the configuration file. If you reset a phone to the factory
defaults, you can not just download the configuration to completely reconfigure it. You will still have
to re−enter the static WEP keys.
When this popup window appears, click OK:20.
Choose Connection > Logout.21.
When this popup window appears, click Yes:22.
When this popup window appears, click OK:23.
Choose File > Exit. The next popup window appears. If you want to save the Log History, click Yes
24.
and save it to disk. Otherwise, click No.
Right−click the USB icon on the taskbar.25.
Select Cisco 7920 USB and click Stop.26.
When this popup window appears, click OK:27.
When this popup window appears, click OK:28.
Choose Menu > Phone Settings > USB Enable / Disable [Disable] to disable the Cisco 7920 USB
29.
port.
Verifying
There are no steps to verify this part of the configuration. It can be verified at the end of the next subtasks.
Troubleshooting
All of the troubleshooting guidelines can be found in the Troubleshooting Guidelines section at the end of this
document.
Configuring the Cisco Aironet 1200 AP
The instructions in this section describe the minimum configuration steps to enable a Cisco Aironet 1200 AP
with static WEP keys. This will allow the Cisco 7920 to access the LAN and to register with a Cisco
CallManager server.
Step−by−Step Instructions
Tip: Right−click the Back button on your browser to quickly return to a previous page in the Cisco Aironet
1200 AP management pages.
Load the Cisco Aironet 1200 AP administration page into your browser with the address
1.
http://1200ap−ip−address .
Use the left navigation bar to configure the Access Point.
2.
Choose Security > SSID Manager.a.
On the SSID Properties page, select <NEW> in the Current SSID List and enter the SSID in
b.
the SSID field.
For the purpose of the configuration, the SSID is kormakur. It should be the same one that
you previously entered in the Cisco 7920.
To edit the SSID, select the required one from the Current SSID List and edit it.
3.
Because the configuration requires the use of Open Authentication, check Open Authentication in
the Authentication Settings area (it is checked by default, if you have not changed it).
Click Apply−All to apply the SSID and the Authentication settings for all of the Radio interfaces; or
4.
click Apply−Radio0 to apply the settings only to Radio0.
When this popup warning appears, click OK:5.
Choose Security > Encryption Manager to configure the WEP keys.
6.
In the Encryption Modes area, click the WEP Encryption radio button, and select
a.
Mandatory.
Click the Encryption Key 1 radio button to set it as the Transmit Key, and enter the same
b.
WEP key that you entered in the Cisco 7920 (in this case, 1234567890abcdef0987654321).
Note: The WEP key input appears as asterisks. This is normal behavior.
For more information on the configuration of WEP keys, refer to Configuring WEP and WEP
Features.
Leave the Key Size set to the default value (128 bit).c.
Click Apply−Radio0 or Apply−All (as appropriate) to save the settings.d.
When this popup warning appears, click OK:7.
Verifying
This section helps you to verify the association of the Cisco 7920 with the Cisco Aironet 1200 AP and with
the CallManager.
If you entered all of the settings correctly, the Cisco 7920 should have associated and authenticated
1.
with the Cisco Aironet 1200 AP.
This appears on the Association page.
Note: You may have to refresh the page.
If the Cisco CallManager configuration is correct, the Cisco 7920 should have registered with the
2.
CallManager server. You should now be able to place calls between the Cisco 7920 and your other IP
Phone.
Troubleshooting
All of the troubleshooting guidelines can be found in the Troubleshooting Guidelines section at the end of this
document.
Using Open Authentication, Static WEP Keys, and VLANs
This task adds support for VLANs, to build on the previous task. The implementation of VLANs requires
configuration changes on the Cisco 7920 and on the Cisco Aironet 1200 AP. The 1200 AP can be configured
with different SSIDs for each VLAN. For example, you can use VLAN1 as the SSID for VLAN1 and
VLAN2 as the SSID for VLAN2. The Cisco 7920 uses its SSID to determine which VLAN that it should
use. If you want the Cisco 7920 to use VLAN2 then you would configure its SSID to VLAN2.
In this example, VLAN1 is the default VLAN. The Cisco 7920 will be configured to use VLAN2, and then
VLAN2 will be added to the Cisco Aironet 1200 AP.
Configuring the Cisco 7920
Note: This task uses the same WEP key that was used in the first task. Therefore, it does not include the
instructions to establish the WEP key on the Cisco 7920.
This task assumes that you are using DHCP to obtain the correct IP address and default gateway for the Cisco
7920. You must also configure your DHCP server with a scope for the new VLAN. Refer to Using One
DHCP Server for Voice and Data Networks for more information on DHCP. If you use a static IP address and
default gateway address, then you must change the current IP address on the System Parameters tab in the
Cisco 7920 Configuration Utility to a legitimate address on the new subnet, before you export the new
configuration to the Cisco 7920. Change the IP address between Steps 11 and 12 in the next procedure.
Step−by−Step Instructions
The instructions in this section guide you through the minimum steps that are required to configure the Cisco
IP Phone 7920 to use VLAN2s SSID.
Turn on the Cisco 7920.1.
Choose Menu > Phone Settings > USB Enable / Disable [Enable] to enable the Cisco 7920 USB
2.
port.
Connect the Cisco 7920 to the USB cable. (The USB cable should already be connected to the PC.)3.
Start the Cisco 7920 Configuration Utility.4.
Log in to the Cisco 7920.
5.
The default User Name is Admin. The default Password is cisco. Click OK.
When this popup window appears, click OK:6.
Choose Edit > Settings Wizard.7.
Loading...
+ 37 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.