Tags
Here are some important VoWLAN specific configurations as per the 7925 deployment Guide. This is not the complete (you should read the full Deployment Guide end to end)
WLAN Advanced Settings
* Configure Enable Session Timeout as necessary per your requirements. It is recommended to either disable the session timeout or extend the timeout (e.g. 24 hours / 86400 seconds) to avoid possible interruptions during audio or video calls. If disabled it will avoid any potential interruptions altogether, but enabling session timeout can help to re-validate client credentials periodically to ensure that the client is using valid credentials.
* Enable Aironet Extensions (Aironet IE).
* Peer to Peer (P2P) Blocking Action should be disabled.
* Configure Client Exclusion as necessary.
* Off Channel Scanning Defer can be tuned to defer scanning for certain queues as well as the scan defer time. If using best effort applications frequently (e.g. web browsing, VPN, etc.) or if DSCP values for priority applications (e.g. voice, video, call control) are not preserved to the access point, then is recommended to enable the lower priority queues (0-3) along with the higher priority queues (4-6) to defer off channel scanning as well as potentially increasing the scan defer time.
* The Maxium Allowed Clients Per AP Radio can be configured as necessary.
* DHCP Address Assignment Required should be disabled.
802.11 Network Settings
* If using 5 GHz, ensure the 802.11a network status is Enabled.
* Set the Beacon Period to 100 ms.
* Ensure DTPC Support is enabled.
* If using 802.11n capable access points, ensure ClientLink is enabled.
* With the current releases, Maximum Allowed Clients can be configured.
* Configure 12 Mbps as the mandatory (basic) rate and 18 – 24 or 54 Mbps as supported (optional) rates. 36-54 Mbps can optionally be disabled, if there are not any applications that can benefit from those rates (e.g. video).
* Enable CCX Location Measurement.
* If using 2.4 GHz, ensure the 802.11b/g network status and 802.11g is enabled.
* Set the Beacon Period to 100 ms.
* Short Preamble should be Enabled in the 2.4 GHz radio configuration setting on the access point when no legacy clients that require a long preamble are present in the wireless LAN. By using the short preamble instead of long preamble, the wireless network performance is improved.
* Ensure DTPC Support is enabled.
* If using 802.11n capable access points, ensure ClientLink is enabled. With the current releases, Maximum Allowed Clients can be configured.
* Configure 12 Mbps as the mandatory (basic) rate and 18 – 24 or 54 Mbps as supported (optional) rates assuming that there will not be any 802.11b only clients that will connect to the wireless LAN. If 802.11b clients exist, then 11 Mbps should be set as the mandatory (basic) rate and 12-24 or 54 Mbps as supported (optional).
36-54 Mbps can optionally be disabled, if there are not any applications that can benefit from those rates (e.g. video).
* Enable CCX Location Measurement.
Call Admission Control
* It is recommended to enable Admission Control Mandatory for Voice and configure the maximum bandwidth and reserved roaming bandwidth percentages for either 5 or 2.4 GHz depending on which frequency band is to be utilized. The maximum bandwidth default setting for voice is 75% where 6% of that bandwidth is reserved for roaming clients. Roaming clients are not limited to using the reserved roaming bandwidth, but roaming bandwidth is to reserve some bandwidth for roaming clients in case all other bandwidth is utilized.
* If CAC is to be enabled, will want to ensure Load-based CAC is enabled, which is available for the Cisco Unified Wireless LAN Controller, but not currently available on the Cisco Autonomous access point platform. Load-based CAC will account for non-TSPEC clients as well as other energy on the channel.
* Enable Traffic Stream Metrics (TSM).
In the Media settings, Unicast Video Redirect and Multicast Direct Enable should be enabled
DFS (802.11h)
* In the DFS (802.11h) configuration, channel announcement and quiet mode should be enabled.
* Power Constraint should be left un-configured or set to 0 dBm as DTPC will be used by the Cisco Unified Wireless IP Phone 7925G, 7925G-EX, and 7926 to control the transmission power. In later versions of the Cisco Unified Wireless LAN Controller it does not allow both TPC (Power Constraint) and DTPC (Dynamic Transmit Power Control) to be enabled simultaneously.
* Channel Announcement and Channel Quiet Mode should be enabled.
CCKM Timestamp Tolerance
* As of the 7.0.98.218 release, the CCKM timestamp tolerance is configurable.
In previous releases, the CCKM timestamp tolerance was set to 1000 ms and non-configurable. The default CCKM timestamp tolerance is still set to 1000 ms in the later releases.
* It is recommended to adjust the CCKM timestamp tolerance to 5000 ms to optimize the Cisco Unified Wireless IP Phone 7925G, 7925G-EX, and 7926G roaming experience.
(WLC) >config wlan security wpa akm cckm timestamp-tolerance <tolerance>
Allow CCKM IE time-stamp tolerance <1000 to 5000> milliseconds; Default tolerance 1000 msecs
Use the following command to configure the CCKM timestamp tolerance per Cisco recommendations.
(WLC) > config wlan security wpa akm cckm timestamp-tolerance 5000 <WLAN id >
To confirm the change, enter “show wlan <WLAN id>”, where the following will be displayed.
CCKM tsf Tolerance…………………………. 5000
Auto-Immune
The Auto-Immune feature can optionally be enabled for protection against denial of service (DoS) attacks. Although when this feature is enabled there can be interruptions introduced with voice over wireless LAN, therefore it is recommended to disable the Auto-Immune feature on the Cisco Unified Wireless LAN Controller. The Auto-Immune feature was introduced in the 4.2.176.0 release, which was enabled by default and non-configurable. As of the 4.2.207.0, 5.2.193.0 and 6.0.182.0 releases this feature is disabled by default but can be enabled optionally.
To view the Auto-Immune configuration on the Cisco Unified Wireless LAN Controller, telnet or SSH to the controller and enter the following command.
(WLC) >show wps summary
Auto-Immune
Auto-Immune……………………………… Disabled
WLAN Controller Advanced EAP Settings
Need to ensure that the advanced EAP settings in the Cisco Unified Wireless LAN Controller are configured per the information below. To view the EAP configuration on the Cisco Unified Wireless LAN Controller, telnet or SSH to the controller and enter the
following command.
(Cisco Controller) >show advanced eap
EAP-Identity-Request Timeout (seconds)……….. 30
EAP-Identity-Request Max Retries…………….. 2
EAP Key-Index for Dynamic WEP……………….. 0
EAP Max-Login Ignore Identity Response……….. enable
EAP-Request Timeout (seconds)……………….. 30
EAP-Request Max Retries…………………….. 2
EAPOL-Key Timeout (milliseconds)…………………. 400
EAPOL-Key Max Retries………………………. 4
If using 802.1x or WPA/WPA2, the EAP-Request Timeout on the Cisco Unified Wireless LAN Controller should be set to at least 20 seconds. In later versions of Cisco Unified Wireless LAN Controller software, the default EAP-Request Timeout was changed from 2 to 30 seconds. The default timeout on the Cisco ACS server is 20 seconds. To change the EAP-Request Timeout on the Cisco Unified Wireless LAN Controller, telnet or SSH to the controller and enter the following command.
(Cisco Controller) >config advanced eap request-timeout 30
* If using WPA/WPA2 PSK then it is recommended to reduce the EAPOL-Key Timeout to 400 milliseconds from the default of 1000 milliseconds with EAPOL-Key Max Retries set to 4 from the default of 2.
* If using WPA/WPA2, then using the default values where the EAPOL-Key Timeout is set to 1000 milliseconds and EAPOLKey Max Retries are set to 2 should work fine, but is still recommended to set those values to 400 and 4 respectively.
* The EAPOL-Key Timeout should not exceed 1 second (1000 milliseconds). To change the EAPOL-Key Timeout on the Cisco Unified Wireless LAN Controller, telnet or SSH to the controller and enter the following command.
(Cisco Controller) >config advanced eap eapol-key-timeout 400
* To change the EAPOL-Key Max Retries Timeout on the Cisco Unified Wireless LAN Controller, telnet or SSH to the controller and enter the following command.
(Cisco Controller) >config advanced eap eapol-key-retries 4
Related Posts
1.7925G – Power Management
2.7925 Deployment Guidelines Summary
3.7 Guidelines for Better VoWLAN
4.
mrn-cciew 
I love you! tons of useful info about wireless here!
Thanks
Hi friend, I’m newbie on WIFI world and your blog is really nice to learn. I’m preparing a LAB and I have one doubt about “Session Timeout”. What could be the consequences of disabling it?.
Thank you in advance.
David.
Hi David,
by default it is enabled & set it to 1800 sec. (30min). So once user authenticated, his/her session will expire in 30 min. Depend on security methods, it may require to reauthenticate (eg 802.1X) or disconnect.
I have kept my 802.1X WLAN this value to 14400 (4 hours). Again if you like you can disable it completely. So there is no set time lime for session to be re-authenticated.
HTH
Rasika
Thank you so much for this info. Do you know what would cause Spectralink 8440 (802.11a) connected to 4800s (5Ghz) cause the audio to be silent or dropping call intermittently. This happens when the user is calling someone locally and when they answer the phone they can hear each other for a sec then the call goes silence. Can’t get my head around this. Thanks
Have’t got any experience with those end points. I would suggest to check end point firmware version & their vendor documentation as well as Cisco known bug with it..
HTH
Rasika
Thank you for your response. I found out disabling CAC on the WLC resolved the issue. It’s just weird because for best practice when looking at the Spectralink document that want CAC enabled and set for static and bandwidth set at 55. I’m just glad I was able to resolve the issue. Thank you and love the website. Wish me good luck…taking my 300-425 soon.
Glad to hear you were able to fix it… of course, wishing you good luck for your exam… keep us posted
Rasika