 |
|
|
|
This document describes the interoperability of a ProCurve wireless services solution coupled with the HP iPAQ Voice Messenger to provide a secure Voice over WLAN (VoWLAN) solution with the following services:
- Secure wireless encryption with 802.1X
- Fast roaming
» Return to top
|
|
|
|
|
|
The HP iPAQ 514 Voice Messenger smartphone supports the following options:
- For authentication, the HP iPAQ 514 supports open authentication, shared, WPA, WPA-PSK, WPA2, and WPA2-PSK.
- For encryption, the device supports no encryption (disabled), as well as WEP, TKIP, and AES.
- For the 802.1X EAP type, the device supports PEAP, as well as Smart Card or Certificate.
This application note describes the configuration of WPA2 802.1X authentication with AES encryption and PEAP.
» Return to top
4.1 Configure the ProCurve WESM
To configure the ProCurve WESM for secure wireless encryption via WPA2-PSK:
- On the wireless edge services module, go to Network Setup > WLAN Setup and create a new WLAN called voice2.
- Configure this WLAN as follows:
- SSID: voice2
- VLAN ID: The VLAN you want to be assigned to the phone. This VLAN must be tagged on the WESM uplink from the switch menu. (For details, refer to Application Note AN-M1, or to the Wireless Services Module Administrator Guide).
- Authentication: 802.1X EAP.
- Encryption: Enable both WPA/WPA2 TKIP and WPA2 AES.
- In the main window Advanced Options panel, click to enable Use Voice Prioritization and select Voice as the Access Category.
- Click the Config button, and in the WPA/WPA2 window enable all three Fast Roaming options (PMK Caching, Opportunistic Key Caching, Pre-Authentication). Then click OK to return to the main Edit window.
- In the main Edit window, click the Radius Config button at the bottom to display the Radius Configuration window.
- In the Radius Configuration window supply the RADIUS Server Address and the RADIUS Shared Secret for 802.1X authentication, then click OK:
- Finally, to enable the new WLAN, highlight the voice2 WLAN, then click the Enable button at the bottom of the WLAN list window:
» Return to top
4.2 Configure the HP iPAQ Voice Messenger
To configure the HP iPAQ 514 Voice Messenger smartphone:
- From the main screen of the phone choose Start > Settings. You see a list of options:
- Phone
- Sounds
- Profiles
- Home Screen
- Clock & Alarm
- Connections
- Security
- Remove Programs
- More..
- Type 6 to select Connections. The following list appears:
- Wireless Manager
- Beam
- Bluetooth
- Dial-up
- GPRS
- Proxy
- VPN
- Wi-Fi
- More…
- Select Wireless Manager. This menu enables you to activate or deactivate the Wi-Fi, Bluetooth and phone.
- Ensure Wi-Fi is enabled, or else turn it on. (Use the arrows to move from one line to another in the display and the central button to select.) Then click Done to exit the Wireless Manager.
- From the Connections menu choose 8 for Wi-Fi. You see the list of all available wireless networks.
- Select the voice2 network. You see the first screen, with the network name (voice2) and a request for the Network Type.
- Choose Private/Work network, then click Next. You see the Network Key screen.
- On the Network Key screen, configure the settings as follows:
- Authentication: WPA2
- Data Encryption: AES
- Select the check box for The key is automatically provided.
Then click Next.
- On the 802.1X screen, check Use IEEE 802.1X network access control, and for EAP type select PEAP. Then click Finish.
- After a few seconds you are prompted to enter the 802.1X credentials. Enter credentials in the screen; for example:
- User name: john
- Password: hp
- Domain: proactive
The HP iPAQ smartphone authenticates using these credentials, and you can see the authentication success
in IAS and IDM:
» Return to top
|
|
|
|
|
|
Layer 2 roaming occurs when a phone that was associated to a radio port moves to another radio port adopted by the same WESM. The phone remains in the same VLAN.
Layer 3 roaming happens when a phone moves between two radio ports associated to different WESM modules. The voice WLAN is associated with different VLANs (and subnets) on the two modules. In this case, the phone keeps its originating IP address but the voice flow is tunneled by the current module to the home module.
For more information on L2/L3 roaming configurations, please refer to ProCurve Application Note AN-M3, How to configure L2 and L3 wireless roaming.
5.1 Fast roaming options
To enable a phone to transition faster between two radio ports and reduce the roaming time, you can configure these options:
- PMK caching
- Opportunistic key caching
- Pre-authentication
These options are available with 802.1X authentication.
The HP iPAQ 540 Voice Messenger supports PEAP, as well as Smart Card or Certificate. This application note utilizes PEAP
.» Return to top
5.2 Configure self-healing
The self-healing feature enables associating neighbors to each radio port. In case of failure of a radio port, the neighbors increase their transmit power to provide coverage and compensate for the failed RP. You can also enable interference avoidance, which causes radios to change their channel settings to avoid interfering with surrounding radios.
To enable self-healing:
- In the WESM, from the Special Features > Self Healing > Configuration tab, check the Enable Neighbor Recovery box, then click Apply.
- Then from the Neighbor Details tab click Detect Neighbors.
- You can now edit an RP radio to check that the other radios with same 802.11 mode (a or b/g) have been listed as neighbors.
» Return to top
5.3 Test roaming time
You can determine the roaming time by first using the WESM to determine the radio port to which the phone is associated. To test roaming time:
- From Device Association > Wireless Stations, note the radio’s Station Index.
- Go to Device Association > Radio Adoption Statistics and determine the MAC address of the corresponding radio port.
- To determine the switch port associated with this MAC address, use ProCurve Manager’s Find Node tool.
- Use the command show lldp info remote all on the switch if the radio ports are connected at layer 2.
- Or use show arp if the radio ports have IP addresses.
- If the phone is connected to a SIP PBX, initiate a call. Otherwise, from a machine on the network launch a continuous ping to the phone IP address, which you can see in the Wireless Stations list.
- From the switch CLI or Web agent disable the port of the RP to which the phone is associated. The phone should lose one or two pings, then subsequent pings should be successful again, indicating the phone has associated to a different RP:
.» Return to top
|
|
|
|
|
|
This section provides version numbers of firmware used for this application note, and explains how to upgrade the HP iPAQ Voice Messenger smartphone.
6.1 ProCurve switch and WESM firmware
Firmware versions of the switches used for this application note are as follows:
- K.13.09 for the ProCurve Switch 5406zl
- WT.01.15 for the ProCurve WESM zl
» Return to top
6.2 HP iPAQ firmware
Firmware used on the HP iPAQ 512 Voice Messenger firmware is as follows:
» Return to top
6.3 Upgrading firmware in the HP iPAQ Voice Messenger
To upgrade the phone’s firmware:
- Back up the smartphone’s configuration before the firmware upgrade. Upgrading firmware resets the HP iPAQ Voice Messenger to the factory default settings.
- Connect a PC to the smartphone via a USB cable and ActiveSync. (Refer to the phone documentation for details of ActiveSync.)
- Open the bootrom package on the PC, and follow the instructions on the PC and smartphone screens.
- The phone then reboots and is reset to the factory default settings, with the new firmware installed.
» Return to top
|
|
|
