SpectraLink Wireless Telephone Overview
PN: 1725-36038-001-H.doc
13
PEAPv0/MSCHAPv2. Both of these methods require a RADIUS
authentication server to be available on the network and accessible to
the phone. Additional details are provided in Section 3.1.
Normal 802.1X authentication requires the client to renegotiate its key
with the authentication server on every AP handoff, which is a time-
consuming process that negatively affects time-sensitive applications
such as voice. Fast AP handoff methods allow for the part of the key
derived from the server to be cached in the wireless network, thereby
shortening the time to renegotiate a secure handoff. The Wireless
Telephone supports two fast AP handoff techniques, Cisco Client Key
Management (CCKM) (only available on Cisco APs) or Opportunistic
Key Caching (OKC). One of these methods must be configured for
support on the WLAN to ensure proper performance of the handset.
WPA and WPA2 Personal
The handset supports WPA and WPA2 Personal, as defined by the
Wi-Fi Alliance. WPA2, which is based on the 802.11i standard,
provides government-grade security by implementing the Advanced
Encryption Standard (AES) encryption algorithm. WPA, which is
based on a draft version of the 802.11i standard before it was ratified,
uses Temporal Key Integrity Protocol (TKIP) encryption. The
Personal version uses an authentication technique called WPA2 is
based on the 802.11i standard. Pre-Shared Key (PSK) allows the use
of manually entered keys or passwords to initiate WPA security.
Cisco Fast Secure Roaming
Cisco’s Fast Secure Roaming (FSR) mechanism uses a combination of
standards-based and proprietary security components including
Cisco Client Key Management (CCKM), LEAP authentication,
Michael message integrity check (MIC) and Temporal Key Integrity
Protocol (TKIP). FSR provides strong security measures for
authentication, privacy and data integrity along with fast AP handoff
on Cisco APs.
WEP
The handset supports Wired Equivalent Privacy (WEP) with both 40-
bit and 128-bit encryption.