[cisco-voip] wireless phones

Jeff Mottishaw mottie at gmail.com
Fri Aug 27 17:04:42 EDT 2010 

The Device Defaults on our cluster are set to CP7921G-1.3.4SR1 but of course
the phone that I'm testing with was manually set to 1.3.3. That's a good
step one.

So with PEAP-TLS we would need a certificate on both the phone and the IAS
server, with MSCHAPV2 would we only need it on the IAS server?

Thanks!

Jeff

On Fri, Aug 27, 2010 at 10:22 AM, Mike King <me at mpking.com> wrote:

> Jeff,
>
> Have you considered just making another SSID, using WPA2-PSK, or WPA2
> PEAP-MSCHAPV2?
>
> I initially had my phones on the same SSID as my users, but because we
> need to require load balancing on our user wlan, I had to switch them
> to another SSID with Loadbalancing disabled.
>
> You will need a useraccount in your domain for PEAP-TLS or
> PEAP-MSCHAPV2.  I just see the MSCHAPV2 as the easiest method.
>
> Also, I'd suggest going to 1.3.4b  (I think it's b, it's the latest)
> as it has support for more EAP types.(Versus older firmwares, I know
> 1.3.3 has them, but it was "broken")
>
> Mike
>
>
> On Fri, Aug 27, 2010 at 12:38 PM, Jeff Mottishaw <mottie at gmail.com> wrote:
> > I am in the process of migrating all of our users/laptops to a
> > PEAP-TLS wireless configuration using Server 2008 Active Directory
> > Certificate Services. That's all well and fine but now I'm a bit
> > stumped:
> >
> > We have a number of 7921 phones and all the documentation I am coming
> > across for setting them up with certificates talks about using Cisco
> > ACS (which I don't have). Has anyone on this list used AD to store the
> > certificates? I have been searching but there doesn't seem like there
> > is a lot of information out there.
> >
> > I'm wondering if I need to make users/computers for the phones or how
> > that works. I assume I need to make a certificate template for them
> > and manually associate it, but I want to be sure before I go ahead
> > with anything.
> >
> > Thanks in advance.
> >
> > Jeff
>  > _______________________________________________
> > cisco-voip mailing list
> > cisco-voip at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-voip
> >
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20100827/068109b7/attachment.html>

More information about the cisco-voip mailing list