Skip to content

How to enable CCX v.4 on Polycom Handset 8020-8030

August 27, 2012

During the deploy of these wireless phones,I’ve noticed that the CCX are not enable by default, and in order to enable these handset to benefit of Cisco Compatible Extension features, we have to configure a Wlan using WPA2 Enterprise autentication.

For more information about CCX program follow : http://www.cisco.com/web/partners/pr46/pr147/partners_pgm_concept_home.html

In my scenario I’ve in total:

1 Cisco WCS

5 Cisco WLC5508 with n* Capwap AP 1142 – 1262 ,

1 Cisco CSACS 5.2 (Radius Server) (Better 2 in HAA)

1 Cisco MSE 3300 Locator

So we can break this in 3 steps:

1- Configuring a new Wlan :

Login to WCS and select : Configure  >  Controller Template Launch Pad

then after defining the ssid and the relative interface, and other param, we can jump directly to Layer2 Security as show below the provision the template to all cotrollers in the actual wireless domain.

2. Configure the CSACS creating :

a new user-group, and a new username, for ex.: 7383 as the username, then a password.

Under Network Resources > Network Devices and AAA Clients

we add our Cisco WLC, then under  Access Policies > Access Services >

we create a new Access Services defining the allowed protocol as EAP-FAST profile (Allow EAP-GTC ) the the relative identity , group mapping and authorizazion.

3. Configure the handset under the menu : Network Config > WLAN Settings Custom/Security > WPA2-Enterprise EAP-FAST and for the Fast Handoff we are going to use the CCKM

(These mechanisms allow a phone to quickly and securely roam between
APs with a minimum disruption of audio.)
Then we imput the username and password define in the CSACS db.

For matching a high encryption and a easy to manage i suggest to shift to an “over the air” provisioning of the PAC, is a little less secure, instead of installing a single cerificate for a single phone, but it’s easy to manage, or you can single provision the PAC, and install the cert on every handset deployed, following the WPA2 Enterprise PEAP Certificate Enrollment and EAP-FAST Manual PAC Provisioning.

Test the authentication, if everithing goes well all CCX V.4 feature will be available on the phone, double check also with WCS, trying to search with the usrn of the phone, and if you have the locator active, you will display the actually phone location!

That’s all.

Advertisements
Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

My80211.com

Networking tips

Wahl Network

Technical Solutions for Technical People