7920 EAP verification/configuration

paulcian_2
Level 1

I just set up a 7920 phone and laptop to use Network EAP to a RADIUS server. The 7920 documentation states that I should set WEP Encryption to NONE and broadcast key rotation to ENABLE.

As soon as I set WEP Encryption to NONE, the wireless laptop can no longer associate. The laptop is also set up to use EAP with dynamic WEP keys. The wireless card is a Cisco 340 client.

Thanks in advance.

My questions are:

1) How do I verify if the 7920 is using dynamic keys as implied?

2) Why does the wireless laptop require that WEP be set to mandatory?

3) Does setting WEP to mandatory somehow open the 7920 to security risks?

Documentation Link:

http://www.cisco.com/en/US/partner/products/sw/voicesw/ps556/products_configuration_example09186a00801a90d3.shtml#task3-1


4 Replies

If using LEAP, then WEP is dynamic. Will get a new set of keys after roam or re-authentication. You could sniff to see the EAP msgs.

Do not need to enter WEP keys into the client as they will be provided dynamically.

EAP requires mandatory WEP and must be configured so in the AP. EAP will not work w/ WEP disabled.

WEP mandatory means you will either use static or dynamic WEP. Dynamic WEP being the most secure.

Also that is a typo in that doc. Will see it gets corrected. Should say click on WEP encryption and set to "mandatory".

Also a good doc to reference is the 7920 Design Guide @ http://www.cisco.com/en/US/products/hw/phones/ps379/products_white_paper0900aecd800f6d97.shtml, which also has an IOS AP sample config.

I do not have WEP keys defined, so being that the documentation had a typo, it appears everything is working fine.

Two additional questions: If we are setting the phone up with a static username and password, can someone pick this up through a sniffer? Second, can the phone be locked so that you cannot even view the network config?

Thanks again in advance; you have been a great help.

Yes, only need WEP mandatory defined.

Can see the username in the EAP packets, but not password.

Blocking of the network config will be in a future firmware image (2.0).

Thanks again for your help.
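For the "sniff to see the EAP msgs" suggestion and the username/password answer in the replies above, an added example (not part of the original thread or Cisco's documentation): a minimal parser for EAPOL payloads that reports which identity crosses the air in clear, whether LEAP (EAP type 17) was used, and how many EAPOL-Key frames were seen. The frames, the username `phone7920` and the filler payloads are constructed; reading EAPOL-Key frames as a sign of AP-delivered rather than statically configured keys is an assumption about dynamic WEP deployments.

```python
import struct

# EAPOL packet types (IEEE 802.1X) and EAP codes (RFC 3748).
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_IDENTITY, EAP_LEAP = 1, 17  # 17 is the EAP type number assigned to Cisco LEAP

def parse_eapol(frame: bytes) -> dict:
    """Parse one EAPOL PDU (the bytes that follow EtherType 0x888E)."""
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    _version, ptype, body_len = struct.unpack("!BBH", frame[:4])
    body = frame[4:4 + body_len]
    if len(body) < body_len:
        raise ValueError("truncated EAPOL body")
    info = {"eapol_type": EAPOL_TYPES.get(ptype, f"unknown({ptype})")}
    if ptype != 0:              # only EAP-Packet carries an EAP header
        return info
    if len(body) < 4:
        raise ValueError("truncated EAP header")
    code, _ident, eap_len = struct.unpack("!BBH", body[:4])
    if eap_len < 4 or eap_len > len(body):
        raise ValueError("bad EAP length field")
    info["eap_code"] = EAP_CODES.get(code, f"unknown({code})")
    if code in (1, 2) and eap_len >= 5:   # Request/Response carry a Type byte
        info["eap_type"] = body[4]
        if code == 2 and body[4] == EAP_IDENTITY:
            # The Identity response is unencrypted: this is the visible username.
            info["identity"] = body[5:eap_len].decode("utf-8", "replace")
    return info

def summarize(frames) -> dict:
    """Reduce a capture to the three facts the thread asks about."""
    parsed = [parse_eapol(f) for f in frames]
    return {"cleartext_identities": [p["identity"] for p in parsed if "identity" in p],
            "leap_seen": any(p.get("eap_type") == EAP_LEAP for p in parsed),
            "key_frames": sum(p["eapol_type"] == "EAPOL-Key" for p in parsed)}

def eapol(ptype, body):         # helper used only to build the constructed sample
    return struct.pack("!BBH", 1, ptype, len(body)) + body

def eap(code, ident, data=b""):
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data

SAMPLE = [                      # constructed frames, not a real capture
    eapol(0, eap(1, 1, bytes([EAP_IDENTITY]))),
    eapol(0, eap(2, 1, bytes([EAP_IDENTITY]) + b"phone7920")),
    eapol(0, eap(1, 2, bytes([EAP_LEAP]) + bytes(11))),  # filler payload, not decoded
    eapol(0, eap(3, 2)),
    eapol(3, bytes(44)),        # EAPOL-Key with filler body
]
```

Calling `summarize(SAMPLE)` returns the identity list, the LEAP flag and the key-frame count; on a real capture, feed it the payload of each frame whose EtherType is 0x888E.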
