Configuration Guide of

Cisco Infrastructure

for OmniTouch™ 8118/8128 WLAN Handset

8AL90450USAA ed05

April 2013
Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

Table of Content

1. GLOSSARY ................................................................................................................................................... 3

2. CISCO WLC (WIRELESS LAN CONTROLLER) .......................................................................................... 4

2.1 INTRODUCTION ........................................................................................................................................ 4
2.1.1 Product Summary ....................................................................................................................... 4
2.1.2 Known Limitations ..................................................................................................................... 4
2.1.3 Compatibility information ....................................................................................................... 5
2.1.4 General conclusion .................................................................................................................... 5
2.2 CONFIGURATION ON CISCO WLC INFRASTRUCTURE ................................................................................... 6
2.2.1 Connecting to the Controller via a Browser ......................................................................... 6
2.2.2 AP Provisioning ........................................................................................................................... 7
2.2.3 AP Configuration ...................................................................................................................... 10
2.2.4 Setting up the SSID .................................................................................................................. 11
2.2.5 Configure Radio for QoS ......................................................................................................... 14
2.2.6 Configure the Radius Server for 802.1x authentication ................................................... 17
3. CISCO AUTONOMOUS AP ........................................................................................................................ 19
3.1 INTRODUCTION ...................................................................................................................................... 19
3.1.1 Product Summary ..................................................................................................................... 19
3.1.2 Known Limitations ................................................................................................................... 19
3.2 CONFIGURATION ON CISCO AUTONOMOUS APS........................................................................................ 20
3.2.1 QoS Configuration .................................................................................................................... 20
3.2.2 Security ...................................................................................................................................... 23
3.2.3 Radio .......................................................................................................................................... 28
4. CONFIGURATION ON OT8118/8128 HANDSETS ................................................................................ 30
4.1 CONFIGURATION THE PARAMETERS VIA WINPDM TOOL ............................................................................ 30
4.2 CERTIFICATE INSTALLATION .................................................................................................................... 33
5. APPENDIX A: CISCO WLC CONFIGURATION REFERENCE FOR OT8118/8128 .............................. 35
5.1 SECURITY SETTINGS (PSK) ..................................................................................................................... 35
5.2 PEAP-MSCHAPV2 USING AN EXTERNAL AUTHENTICATION SERVER. ......................................................... 36
5.3 EAP-FAST USING AN INTERNAL AUTHENTICATION SERVER ....................................................................... 37
5.4 GENERAL SETTINGS (QOS, RADIO ) ........................................................................................................ 39

8AL90450USAA ed05 2 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

1. Glossary
ALU Alcatel-Lucent
AOS Alcatel-Lucent OmniAccess operating system Software
AP Access Point
CAC Call Admission Control
CNG Comfortable Noise Generation
DFS Dynamic Frequency Selection
EAP Extensible Authentication Protocol
EL Entry Level handset
HE High End handset
IPT 310/610 WLAN Handset, Alu branded Polycom handset
MS-CHAP Microsoft version of the Challenge-handshake authentication protocol
MIPT Alcatel-Lucent Mobile IP Touch
OAW OmniAccess Wireless
PEAP Protected Extensible Authentication Protocol
PTT Push To Talk
RF Radio Frequency
TBC To Be Checked
TBD To Be Defined
Tspec Traffic specifications
U-APSD Unscheduled Automatic Power Save Delivery
UP User Priority
VAD Voice Activity Detection
VoWLAN VoIP over WLAN
WMM Wireless MultiMedia
WMM-PS WMM Power Save
WMM-AC WMM Admission Control
WFA Wi-Fi Alliance
WPA Wi-Fi Protected Access

8AL90450USAA ed05 3 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

2. CISCO WLC (Wireless LAN Controller)

2.1 Introduction

2.1.1 Product Summary

All tests executed by ALU PQA team were performed on following platform.

However, we guarantee interoperability with all controllers listed in Comtech/PCS running

software version 7.0.98.

All tests were performed with the APs in the table, but all access points listed in the
Comtech/PCS are supported.

The latest released version of OT8118/8128 handsets is recommended to deploy. (v4.2.2 is

delivered for WLAN_R5.4 release)

Controller APs
1130
1240
Product Model WLC 4402 1140
WLC 2106 1250
1260
3500
AP Radio(s) 2.4 GHz (802.11b/g/n), 5 GHz (802.11a/n)
WPA-PSK
WPA2-PSK
Security EAP-FAST
PEAPv0-MSChap2
EAP-TLS
QoS WMM
software version 5.2.178.0 / 7.0.78 / 7.098
Handset model OmniTouch 8118/8128
Handset software 4.2.2

2.1.2 Known Limitations

 The handset supports CCXv2 (can work with Cisco infrastructure with a higher CCX
version).

 During EAP-FAST authentication, the handset only supports auto provisioning “.PAC” file.
And it will try to download the “.PAC” file in each initialization.

8AL90450USAA ed05 4 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

 If AP 1140/1250/1260/3500 is used together with AP1230 or AP1240, the system must be

configured to use a Beacon Interval of 102ms. This is due to a limitation in
1140/1250/1260/3500 that prevents the APs from sending Beacons with 100ms.

 For 802.11a/n, if enabling more than 8 channels the roaming performance will be
degraded.

2.1.3 Compatibility information

All tests were done on AP3502I and AP3502E (Internal and external antennas). Due to the fact that
AP1140, AP 1250, AP1260 and AP3500 share WLAN chipset, their behavior on a low level can be
considered to be identical. We therefore ensure compatibility/interoperability with the entire
Cisco platform that shares this chipset

 Supported access points with Cisco WLC version 7.0.98:

o AP1040

o AP1140

o AP1250

o AP1260

o AP3500

 Supported controller platforms with Cisco WLC version 7.0.98:

o 210x WLC

o 440x WLC

o 550x WLC

o WISM (Wireless services module)

o 3750G Integrated WLC

2.1.4 General conclusion

Overall the outcome of interoperability verification, including association, authentication and

roaming produced good results. Roaming times are in general fully acceptable with for example
expected roaming times of 30ms both when using WPA2-AES and PEAP-MSCHAPv2.

If U-APSD shall be used in the handset it is very important that the WMM parameters in the Cisco
WLC are set correctly since U-APSD handles a bi-directional data stream where the up and
downlink must be transmitted within the same EDCA Access Category.

To use U-APSD, make sure to set QoS to Platinum for the current WLAN profile and set WMM to
Allowed. Also set EDCA profile for 802.11b/g to "Voice Optimized" and disable low latency MAC.

8AL90450USAA ed05 5 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

2.2 Configuration on Cisco WLC infrastructure

2.2.1 Connecting to the Controller via a Browser

1. Connect to the WLC by pointing your internet browser to the URL: https<IP_Addr> (where
<IP_Addr> is the IP address of the management interface of the WLC).

2. Click the Login prompt. The default User Name and Password is admin.

3. Once logged in properly, a page similar to the one below displays.

8AL90450USAA ed05 6 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

2.2.2 AP Provisioning

Layer 2 discovery

Lightweight AP will send LWAPP discover broadcast to find WLC in layer 2 after get IP address
from DHCP server.
So if the Cisco LAP and WLC are in the same subnets, we only need to configure DHCP server in
that subnet and LAP will connect to the WLC by LWAPP broadcast.

Layer 3 discovery

If LAP and WLC are in the different subnets, LAP can get WLC IP address through DNS Query.
For the access point (AP) to do so, you must configure your DNS to return controller IP addresses
in response to CISCO-LWAPP-CONTROLLER.localdomain, where localdomain is the AP domain
name. When an AP receives an IP address and DNS information from a DHCP server, it contacts the
DNS to resolve CISCO-LWAPP-CONTROLLER.localdomain. When the DNS sends a list of controller
IP addresses, the AP sends discovery requests to the controllers.

Configuration Procedure (use Windows 2003 server as an example):

1. Open DNS service console in win2003, Add a new forward lookup zone (here we added
wlan.com).

8AL90450USAA ed05 7 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

2. Add a new host”CISCO-LWAPP-CONTROLLER” in this forward lookup zone. Enter your

controllers Management Interface IP address in IP address field, and then click OK.

3. Configure DHCP server.

LAP needs to get DNS server address and DNS domain name from DHCP options.

Here we also use WINDOWS 2003 for example.

Open DHCP server console; go to the related scope where LAP gets IP address from.

Right click Scope Options, select Configure Options. Add these two options like below.

8AL90450USAA ed05 8 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

8AL90450USAA ed05 9 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

2.2.3 AP Configuration

1. Power-on and connect the APs to the network. Wait a few minutes for the APs to find the
controller.

2. Verify the APs are associated to the WLC.

3. From the main menu, click Monitor.

Configuration for the handsets running in 802.11b/g/n mode

1. From the main menu, click Wireless.

2. In the navigation pane, under Access Points click Radios, then select 802.11b/g/n. All the
APs that are connected should be listed, showing their Operational Status as UP.

3. Select Configure from the drop-down list for the access point you wish to change.

4. Set Admin Status to Enable.

5. Configure any other settings that might be relevant to your deployment as needed.

6. Click the Apply button to save all changes.

7. In the navigation pane under 802.11b/g/n, click Network.

8. For 802.11b/g Network Status and 802.11g Support, select the Enabled for 802.11g-only
mode.

9. Set the Beacon Period to 100.

10. Set the DTIM Interval to 5

11. Click the Apply button to save the settings.

8AL90450USAA ed05 10 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

Configuration for the handsets running in 802.11a/n mode

1. From the main menu, click Wireless.

2. In the navigation pane, under Access Points click Radios, then select 802.11a /n. All the
APs that are connected should be listed, showing their Operational Status as UP.

3. Select Configure from the drop-down list for the access point you wish to change.

4. Set Admin Status to Enable.

5. Configure any other settings that might be relevant to your deployment as needed.

6. Click the Apply button to save all changes.

7. In the navigation pane under 802.11a/n, click Network.

8. For 802.11a Network Status, select the Enabled check box.

9. Set the Beacon Period to 100.

10. Set the DTIM Interval to 5

11. Click the Apply button to save the settings.

2.2.4 Setting up the SSID

1. From the main menu, click WLANs.

2. In the WLANs screen, click the New…. button.

3. Enter the Profile Name and SSID.

4. Click the Apply button.

8AL90450USAA ed05 11 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

5. Select the Profile Name for the voice SSID.

6. Under the General tab, set the Radio Policy to 802.11b/g or 802.11a, depending on the
radio settings of the handsets

7. Enable WLAN Status.

8. Configure QoS. Under the QoS tab, set Quality of Service to Platinum. This is the required
setting for voice traffic and the configuration must match the handsets. Set WMM Policy to
Required or Allowed.

8AL90450USAA ed05 12 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

9. Click the Security tab. At Layer 2 Security select the desired security policy from the
drop-down list.

a. For PSK security, select WPA+WPA2.

b. For WPA2-PSK, under WPA+WPA2 Parameters:

i. Select the WPA2-Policy check box.

ii. Select the AES check box for WPA2-Encryption.

iii. At Auth Key Mgmt select PSK from the drop-down list.

c. For WPA-PSK, under WPA+WPA2 Parameters:

i. Select the WPA-Policy check box.

ii. Select the TKIP check box for WPA Encryption.

iii. At Auth Key Mgmt select PSK from the drop-down list.

The PSK Format may be selected as ASCII or HEX for both WPA-PSK and WPA2-PSK
policies.

d. For WPA2-Enterprise (802.1X), under WPA+WPA2 Parameters:

i. Select the WPA2 Policy check box.

ii. Select the AES check box for WPA2 Encryption.

iii. At Auth Key Mgmt, select 802.1X from the drop-down list.

8AL90450USAA ed05 13 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

10. Click the Apply button to save all changes.

2.2.5 Configure Radio for QoS

It is highly recommended that WMM-Admission Control (WMM-AC) is enabled for Voice and Video
on each radio used for VoIP.

If the handset is configured for with Admission Control set to Mandatory, then admission control
needs to be enabled on both voice and video access categories. If Admission Control is set to
Optional on the handset, then it is possible to skip the configuration steps enabling both the voice
and video access categories. In order to maintain enterprise grade quality of service, it is
recommended to enable admission control on the APs. It is not supported to have admission control
enabled for voice and disabled for video or vice versa.

1. From the main menu, click WIRELESS.

2. Select the radio to be configured. For example, the 802.11a/n.

a. Make Admission Control mandatory for Voice by clicking Voice in the navigation
pane and selecting the Admission Control (ACM) check box. This step is optional if
the handset is configured with Admission Control set to Optional. This setting must
match the setting for Video.

Click the Apply button to save the settings.

8AL90450USAA ed05 14 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

b. Make Admission Control mandatory for Video by clicking Video in the navigation pane and
selecting the Admission Control (ACM) check box. This step is optional if the handset is
configured with Admission Control set to Optional.

Click the Apply button to save the settings. This setting must match the setting for Voice.

8AL90450USAA ed05 15 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

3. Use WMM QoS by clicking EDCA Parameters in the navigation pane and selecting the WMM
from the EDCA Profile drop-down list.

4. Click the Apply button to save the settings.

8AL90450USAA ed05 16 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

2.2.6 Configure the Radius Server for 802.1x authentication

RADIUS servers must be configured if WPA2 Enterprise security is used on the handsets.

1. From the main menu, click SECURITY.

2. In the navigation pane, under RADIUS click Authentication.

3. Add a new RADIUS server by clicking the New… button.

4. Fill in the appropriate information matching the RADIUS server configured for the site.

5. Click the Apply button to save the settings.

8AL90450USAA ed05 17 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

6. Test the RADIUS server connection by pausing on the white triangle on the right side of the
server row and clicking Ping. There should be a response showing successful pings.

8AL90450USAA ed05 18 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

3. CISCO Autonomous AP

3.1 Introduction

3.1.1 Product Summary

All tests were performed with the APs in the table, but all access points listed in the
Comtech/PCS are supported.

The latest released version of OT8118/8128 handsets is recommended to deploy. (v4.2.2 is

delivered for WLAN_R5.4 release)

AP 1131, 1232
Model
AP1240, 1250
AP Radio(s) 2.4 GHz (802.11b/g), 5 GHz (802.11a)
WPA-PSK
WPA2-PSK
Security EAP-FAST
PEAPv0-MSChap2
EAP-TLS
QoS WMM
12.4(10b)JDA / 12.3(8)JEA
software version
12.4(21a)JA2 and 12.4(21a)JY
Handset model OmniTouch 8118/8128
Handset software 4.2.2

3.1.2 Known Limitations

 For 802.11a/n, if enabling more than 8 channels the roaming performance will be
degraded.

 During EAP-FAST authentication, the handset only supports auto provisioning “.PAC” file.
And it will try to download the “.PAC” file in each initialization.

8AL90450USAA ed05 19 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

3.2 Configuration on Cisco Autonomous APs

3.2.1 QoS Configuration

1. In the navigation pane, click SERVICES.

2. Select QoS from the sub-menu.

3. At Create/Edit Policy, create and name a new QoS policy.

4. To customize voice priorities, select the IP DSCP field, enter 46 in the text field, select
Voice < 10ms Latency (6) as the class of service, and click the Add button.

5. Likewise, to configure control packet priorities select the IP DSCP field, enter 40 in the
text field; select Controlled Load (4) as the class of service, and click the Add button.
This results in two classifications.

6. Click the Apply button in the Create/Edit Policies section of the screen.

8AL90450USAA ed05 20 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

7. Assuming both radios are being used, perform the following steps under Apply Policies to
Interface/VLANS:

a. Select WMM-PS for the following network interfaces:

i. Incoming for the FastEthernet

ii. Incoming and Outgoing for the Radio0-802.11G

iii. Incoming and Outgoing for the Radio1-802.11A

b. Click the Apply button to save the QoS policies.

8. Use WFA Defaults for Access Categories

a. For each radio used by the handsets, go to the Access Categories tab in the QoS
Services menu.

b. Click the WFA Default button to reset all access category settings to the WFA
default.

8AL90450USAA ed05 21 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

9. Click the Apply button in the Services: QoS Policies – Access Category section to save the
WFA default settings.

10. Enable Admission Control

a. For each radio used by the handsets, go to the Access Categories tab in the QoS
Services menu.

b. Enable both Video and Voice admission control.

c. Click the Apply button to save selections

11. Enable WMM

a. Go to the ADVANCED tab in the QoS Services menu.

b. Enable WMM for all radios used by handsets.

c. Disable QoS Element for Wireless Phones.

d. Disable IGMP Snooping.

e. Select yes to secure correct AVVID priority mapping and enable WMM for all used
interfaces.

f. Click Apply to save ADVANCED settings.

8AL90450USAA ed05 22 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

3.2.2 Security

Encryption manager

1. In the navigation pane, click SECURITY.

2. Select Encryption Manager from the sub-menu.

3. Under Encryption Modes, click the Cipher option.

4. For WPA-PSK, select TKIP from the Cipher drop-down list. For WPA2-PSK or WPA2-
Enterprise (802.1x), select AES CCMP from the drop-down list.

5. Under Encryption Keys, clear all Encryption Key fields.

6. Under Global Properties, select the Disable Rotation option.

7. Click the Apply button.

8AL90450USAA ed05 23 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

SSID manager

1. In the navigation pane, click SECURITY.

2. Select SSID Manager from the sub-menu.

3. Under Current SSID List, select the proper SSID from list box, or create a new one if
necessary. Make sure the correct radio interface is selected, Radio0-802.11G or Radio1-
802.11A.

4. Under Authentication Settings, select the Open Authentication check box.

8AL90450USAA ed05 24 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

Configure Open Authentication

1. For WPA-PSK or WPA2-PSK:

a. Select the Open Authentication check box.

b. Select <No Addition> from the drop-down list.

2. For WPA2-Enterprise:

a. Select the Open Authentication check box.

b. Select with EAP from the drop-down list.

Configure EAP Authentication Servers

Use the default settings for Server Priorities.

For WPA2-Enterprise security, the defaults will need to be defined.

8AL90450USAA ed05 25 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

Configure Client Authenticated Key Management:

1. Select Mandatory from the Key Management drop-down list.

2. Select the Enable WPA check box.

3. For WPA-PSK or WPA2-PSK configure the WPA Pre-shared Key field. Type in the key code
used in the handsets, and select the ASCII option. Characters are case-sensitive.

4. For CCX mode operation, or CCKM Fast Roaming when using WPA2-Enterprise security,
select the CCKM check box.

5. IMPORTANT: If Wi-Fi Standard QoS or CCX is being used, you must enable Call Admission
Control. A handset configured for Wi-Fi Standard QoS or CCX will not associate with an AP
that does not have this option enabled.

6. Click the Apply button.

Server manager (WPA2-Enterprise / 802.1x)

1. In the navigation pane, click SECURITY and select Server Manager.

2. Configure a new Corporate Server:

a. Select RADIUS from the dropdown list.

b. Enter hostname or IP address in the Server field.

c. Enter shared secret in the Shared Secret field.

3. Click the Apply button.

8AL90450USAA ed05 26 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

4. Configure Default Server Priorities. For Priority 1 under EAP Authentication, select the
corporate server created in step 2.

5. Click the Apply button.

8AL90450USAA ed05 27 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

3.2.3 Radio

ALU recommends disabling the lowest speeds and have 6mbits as lowest supported speed. To
further optimize performance it is recommended to disallow 802.11b clients to associate by
setting the 6 Mbps or 12Mbps rate to mandatory in the 802.11g configuration.

8AL90450USAA ed05 28 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

ALU recommended settings for 802.11b/g/n are to only use channel 1, 6 and 11. For 802.11a/n
use channels according to the infrastructure manufacturer and country regulations.

Note. For 802.11a, if using channels where DFS is mandatory roaming performance will be
degraded due passive scan only. ALU recommendation is therefore to avoid usage of DFS channels
if possible.

Note: For 802.11a, if enabling more than 8 channels the roaming performance will be degraded.

8AL90450USAA ed05 29 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

Under tab SECURITY/SSID Manager Set Beacon Period to 100ms and Data Beacon Rate (DTIM) to 5.
These values are recommended in order to allow maximum battery conservation without
impacting the quality.

4. Configuration on OT8118/8128 handsets

4.1 Configuration the parameters via WinPDM tool

During the deployment, the following parameters must be configured:

1. DHCP mode

a. Disable (Static mode) – Using static IP address

b. Only use Alcatel DHCP – Alcatel DHCP property must be configured on DHCP server.

c. Favor Alcatel DHCP – The handset will prefer to choose the DHCP server with
Alcatel property.

d. Use Any DHCP – The handset will use any DHCP offer depending on DHCP offer the
receiving time.

8AL90450USAA ed05 30 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

2. SSID

3. Security Mode

a. WEP

b. WPA-PSK and WPA2-PSK

c. EAP-FAST

i. “EAP authentication user name and password must be entered for this
security mode.

ii. OT8118/8128 only supports .pac file auto-privisioning.

d. PEAPv0-MSChap2

i. Root certification must be installed into the handset

ii. “EAP authentication user name and password must be entered for this
security mode.

e. EAP-TLS

i. Root certification and client certificate must be installed into the handset.

ii. User must specify the “EAP client certificate”.

4. Voice power save mode

5. TSPEC Call Admission Control

6. IP DSCP for voice – 0x2E (46)

7. IP DSCP for signalling –0x1A (26)

8AL90450USAA ed05 31 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

Using CCKM as Auth key mgmt in Cisco controller.

Security mode – Advanced

Advanced Network association – WPA2

Advanced Authenticated Key Management – CCKM

Advanced EAP type – EAP-TLS

Advanced Encryption type – AES-CCMP

8AL90450USAA ed05 32 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

4.2 Certificate installation

Right click the handset and click “Edit certificates”

To install the “root certificate”, please select “Root” tab and click “Edit” button to install the
certificates.

8AL90450USAA ed05 33 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

To install the “root certificate”, please select “Client” tab and click “Edit” button to install the
certificates.

8AL90450USAA ed05 34 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

5. APPENDIX A: CISCO WLC Configuration Reference for OT8118/8128

Cisco WLC 2106 Version 7.0.98

In the following chapter you will find screenshots and explanations of basic settings in order to get
a Cisco WLC WLAN system to operate with an OT8118/8128. Please note that security settings
were modified according to requirements in individual test cases.

5.1 Security settings (PSK)

Security profile WPA2-PSK, AES encryption

8AL90450USAA ed05 35 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

5.2 PEAP-MSCHAPv2 using an external authentication server.

Configuration of authentication using Radius sever, 802.1X (Step 1). In this example is WPA2-
AES/CCMP used.

Configuration of authentication using Radius sever (Step 2). Select the server to use. The server is
configured under tab Security/Radius. See configuration of server below.

8AL90450USAA ed05 36 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

Configuration of authentication using Radius sever (Step 3). The IP address and the secret must
correspond to the IP and the credential used by the Radius server. Tests were performed with
FreeRadius.

Note that depending on which Authentication method used it might be necessary to add a certificate
into the OT8118/8128. PEAP-MSCHAPv2 requires a Root certificate and EAP-TLS requires both a
Root certificate and a client certificate.

5.3 EAP-FAST using an internal authentication server

Configuration of authentication using internal Radius sever and EAP-FAST (Step 1). In this example
is WPA2-AES/CCMP used.

8AL90450USAA ed05 37 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

Configuration of authentication using internal Radius sever and EAP-FAST (Step 2). Check the box
“Local EAP Authentication” and choose your local EAP profile (created in step 4).

Configuration of authentication using internal Radius sever and EAP-FAST (Step 3). Create a local
user and assign a password.

8AL90450USAA ed05 38 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

Configuration of authentication using internal Radius sever and EAP-FAST (Step 3). Create a local
EAP profile and choose the EAP method to use.

5.4 General settings (QoS, Radio )

Make sure that WMM is enabled and Quality of Service (QoS) platinum profile is selected.

8AL90450USAA ed05 39 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

Disable “coverage Hole Detection” and “Session timeout”. Set DTIM period to recommended value
5. DTIM value 5 values are recommended in order to allow maximum battery conservation without
impacting the quality.

Channel configuration. See picture below for additional information.

8AL90450USAA ed05 40 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

The recommended settings for 802.11b/g are to only use channel 1, 6 and 11. For 802.11a/n use
channels according to the infrastructure manufacturer and country regulations.

Note. For 802.11a/n, if enabling more than 8 channels the roaming performance will be degraded.

Note for 802.11an: Using 40 MHz channels will reduce the number of non DFS channels to 2 in
ETSI regions.

If AP 1140/1250/1260/3500 is used together with AP1230 or AP1240, the system must be

configured to use a Beacon Interval of 102ms. This is due to a limitation in 1140/1250/1260/3500
that prevents the APs from sending Beacons with 100ms. Very important in installations with mixed
AP population!

Recommend disabling the lowest speeds and have 6mbits as lowest supported speed. To further
optimize performance it is recommended to disallow 802.11b clients to associate by setting the 6
Mbps or 12Mbps rate to mandatory in the 802.11g configuration.

8AL90450USAA ed05 41 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

OT8118/8128 do not support Dynamic Channel Assignment.

8AL90450USAA ed05 42 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

OT8118/8128 do not support Dynamic Power Assignment.

Use “EDCA Profile” Voice Optimized and disable low latency MAC

8AL90450USAA ed05 43 April 2013

Configuration Guide of Cisco Infrastructure for
OmniTouch™ 8118/8128 WLAN Handset

Depending on the infrastructure (switch) “Protocol Type” may have to be disabled.

END OF DOCUMENT

8AL90450USAA ed05 44 April 2013