Cisco Systems 71642 manual Security Mechanisms Supported, Leap Considerations

Page 13

Hospitals can have several types of wireless networks installed. This includes 2.4 GHz non−802.11 equipment. This equipment can cause contention with other 2.4 GHz networks.

Wall−mounted diversity patch antennas and ceiling−mounted diversity omni−directional antennas are popular, but keep in mind that diversity is required.

Warehouses

Warehouses have large open areas that often contain high storage racks. Many times, these racks reach almost to the ceiling, where access points are typically placed. Such storage racks can limit the area that the access point can cover. In these cases, consider placing access points on other locations besides the ceiling, such as side walls and cement pillars. Also consider these factors when you survey a warehouse:

Inventory levels affect the number of access points needed. Test coverage with two or three access points in estimated placement locations.

Unexpected cell overlaps are likely because of multipath variations. The quality of the signal varies more than the strength of that signal. Clients might associate and operate better with access points farther away than with nearby access points.

During a survey, access points and antennas usually do not have an antenna cable connecting them. But in a production environment, the access point and antenna might require antenna cables. All antenna cables introduce signal loss. The most accurate survey includes the type of antenna to be installed and the length of cable to be installed. A good tool to use to simulate the cable and its loss is an attenuator in a survey kit.

Surveying a manufacturing facility is similar to surveying a warehouse, except that there might be many more sources of RF interference in a manufacturing facility. In addition, the applications in a manufacturing facility usually require more bandwidth than those of a warehouse. These applications can include video imaging and wireless voice. Multipath distortion is likely to be the greatest performance problem in a manufacturing facility.

Security Mechanisms Supported

In addition to static WEP and Cisco LEAP for authentication and data encryption, the Vocera Badges also support WPA−PEAP (MS−CHAP v2)/WPA2−PSK.

LEAP Considerations

LEAP allows devices to be authenticated mutually (badge−to−access point and access point−to−badge) based on a user name and password. Upon authentication, a dynamic key is used between the phone and the access point to encrypt traffic. However, the ASLEAP dictionary attack should be considered when you decide to use LEAP as your security solution:

Refer to Dictionary Attack on Cisco LEAP Vulnerability for more information.

If LEAP is used, a LEAP−compliant RADIUS server, such as the Cisco Access Control Server (ACS), is required to provide access to the user database. The Cisco ACS can either store the user name and password database locally, or it can access that information from an external Microsoft Windows NT directory. When using LEAP, ensure that strong passwords are used on all wireless devices. Strong passwords are defined as being between 10 and 12 characters long and can include both uppercase and lowercase characters as well as the special characters.

Because all the badges use the same password and it is stored within the badge, Cisco recommends that you use different user names and passwords on data clients and wireless voice clients. This practice helps with tracking and troubleshooting as well as security. Although it is a valid configuration option to use an external

Image 13
Contents Deployment Scenarios Document IDPrerequisites IntroductionExecutive Summary Requirements Components UsedVocera Badge Overview Vocera SolutionVocera Call Capacity Considerations Vocera Communications Server CapacityArchitecture Overview Voceras Infrastructure PlanningUnicast−Multicast Delivery Method Multicast in an Lwapp DeploymentLwapp Multicast−Multicast Multicast−Multicast Delivery MethodEnable IP Multicast Routing Router and Switch Multicast ConfigurationEnable PIM on an Interface Deployment Scenarios Disable Switch Vlan Igmp SnoopingMulticast Enhancements in Version 4.0.206.0 and Later Single Controller Deployment Single Controller in Multicast−Multicast ModeMultiple Controller Layer 3 Deployment Multiple Controller Layer 2 DeploymentConstruction Methods and Materials VoWLAN Deployments Ciscos ReccommendationsInventory Leap Considerations Security Mechanisms SupportedVoice, Data and Vocera VLANs Wireless Network InfrastructureNetwork Sizing Deployments and Configuration Switch RecommendationsBadge Configuration Tune AutoRF for Your Environment ∙ How do I know if the tranmit power is too hot or too cold? Create Interfaces Wireless Network Infrastructure ConfigurationCreate the Vocera Voice Interface Wireless−Specific ConfigurationWlan Configuration Wlan ConfigurationAP Detail Configure Access Point DetailConfigure the 802.11b/g Radio Wireless IP Telephony Verification Association, Authentication, and Registration Badge Loses Voice Quality while Roaming Common Roaming IssuesRegistration and Authentication Problems Audio ProblemsOne−sided Audio Choppy or Robotic AudioAppendix a AP and Antenna PlacementSignal Reflection Caused by a Wall Cisco Aironet 5959 Antenna Mounted to a Ceiling Interference and Multipath Distortion Signal−to−Noise Ratio SNRSignal Attenuation NetPro Discussion Forums − Featured ConversationsRelated Information