With the introduction of wireless communication, Cisco Cius can provide voice and video communication within the corporate WLAN. Cisco Cius depends on and interacts with wireless access points (APs) and key Cisco IP telephony components, including Cisco Unified Communications Manager, to provide wireless voice communication. Cisco APs can run in standalone or unified mode. Unified mode requires the Cisco Unified Wireless LAN Controller.
Cisco Cius exhibits Wi-Fi capabilities that can use 802.11a, 802.11b, 802.11g, and 802.11n Wi-Fi.
The following illustration shows a typical WLAN topology that enables the wireless transmission of voice for wireless IP telephony.
Figure 1. WLAN with Cisco Cius
When Cisco Cius powers up, it attempts to associate with remembered networks if it is in range of those networks. If remembered networks are not within range, you can select a broadcasted network or manually add a network. For more information, see Configuring Wireless LAN.
The AP uses its connection to the wired network to transmit data and voice packets to and from the switches and routers. Voice signaling is transmitted to the Cisco Unified Communications Manager server for call processing and routing.
APs are critical components in a WLAN because they provide the wireless links or hot spots to the network. Cisco requires that APs supporting voice communications use Cisco IOS Release 12.4(21a)JY. For more information about APs, see the Cisco Cius Wireless LAN Deployment Guide.
Each AP has a wired connection to an Ethernet switch, such as a Cisco 3750 Series, that is configured on a LAN. The switch provides access to gateways and the Cisco Unified Communications Manager server to support wireless IP telephony.
Some networks have wired components that support wireless components. The wired components can comprise switches, routers, and bridges with special modules to enable wireless capability.
Wireless LANs must follow the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standards that define the protocols that govern all Ethernet-based wireless traffic. Cisco Cius supports the following standards:
802.11a - Uses the 5 GHz band that provides more channels and improved data rates by using Orthogonal Frequency Division Multiplexing (OFDM) technology. Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC) support this standard.
802.11b - Specifies the radio frequency (RF) of 2.4 GHz for both transmitting and receiving data at lower data rates (1,2,5.5, 11 Mbps).
802.11d - Enables access points to advertise their currently supported radio channels and transmit power levels. The 802.11d-enabled client then uses that information to determine which channels and power levels to use. Cisco Cius requires World Mode (802.11d) to determine which channels are legally allowed for any given country. For supported channels, see Table 1. Make sure that 802.11d is properly configured on the Cisco IOS Access Points or Cisco Unified Wireless LAN Controller. For more information, see the World Mode (802.11.d) and theCisco Cius Wireless LAN Deployment Guide.
802.11e - Defines a set of Quality of Service (QoS) enhancements for Wireless LAN applications.
802.11g - Uses the same unlicensed 2.4 GHz band as 802.11b, but extends the data rates to provide greater performance by using OFDM technology. OFDM is a physical-layer encoding technology for transmitting signals by using RF.
802.11h - Provides DFS and TPC to the 802.11a Media Access Control (MAC).
802.11i - Specifies security mechanisms for wireless networks.
802.11n - Uses the radio frequency of 2.4 GHz or 5 GHz for both transmitting and receiving data, and enhances data transfer through the use of multiple input, multiple output (MIMO) technology, channel bonding, and payload optimization.
Cisco Cius has a single antenna and uses the Single Input Single Output (SISO) system, which supports MCS 0 to MCS 7 data rates only (72 Mbps with 20 MHz channels and 150 Mbps 40 MHz channels). MCS 8 to MCS 15 can optionally be enabled if there are 802.11n clients utilizing MIMO technology which can take advantage of those higher data rates.
The following table lists the supported channels for Cisco Cius.
Table 1 Supported Channels for Cisco Cius
2.412 - 2.472 GHz
1 - 13
5.180 - 5.240 GHz
36, 40, 44, 48
5.260 - 5.320 GHz
52, 56, 60, 64
5. 500 - 5.700 GHz
100 - 140
5.745 - 5.825 GHz
149, 153, 157, 161, 165
802.11j (channels 34, 38, 42, 46) are not supported.
World Mode (802.11.d)
List of Countries and their 802.11d codes
Cisco Cius uses 802.11d to determine which channels and transmit power levels to use and inherits its client configuration from the associated AP. Enable World Mode (802.11d) on the AP to use Cisco Cius in World Mode.
The following table lists countries and their 802.11d codes that Cisco Cius supports. For more information, see the Cisco Cius Wireless LAN Deployment Guide.
List of Countries and 802.11d Codes
Puerto Rico (PR)
Russian Federation (RU)
Saudi Arabia (SA)
Korea (KR / KP)
Costa Rica (CR)
South Africa (ZA)
Czech Republic (CZ)
New Zealand (NZ)
United Arab Emirates (AE)
United Kingdom (GB)
Hong Kong (HK)
United States (US)
For the Cisco Unified Wireless LAN Controller, World Mode is enabled automatically when a country code is entered. See the 802.11d section in Cisco Cius Wireless LAN Deployment Guide for the proper country code. For Cisco Autonomous Access Points, World Mode must be enabled manually. Use the following commands:
Interface dot11radio X
world-mode dot11d countryUS both
For 2.4 GHz radio, enter 0 for X in the Interface Command field. For 5 GHz radio, enter 1 for X.
WLAN communications use the following radio frequency ranges:
2.4 GHz - Many devices that use 2.4 GHz can potentially interfere with the 802.11b/g connection. An interferer can produce a Denial of Service (DoS) scenario, possibly preventing successful 802.11 transmissions.
5 GHz - The 5 GHz frequency provides more channels and has less interferers than the 2.4 GHz frequency. It is divided into several sections called Unlicensed National Information Infrastructure (UNII) bands, each with four channels. The channels are spaced at 20 MHz.
802.11 Data Rates Transmit Power Ranges and Decibel Tolerances
See the Radio Characteristics section in the Cisco Cius Wireless LAN Deployment Guide for Transmit (Tx) power capacities, data rates, ranges in feet and meters, and decibels tolerated by the receiver by 801.11 standard.
Wireless Modulation Technologies
Wireless communications use the following modulation technologies for signaling:
Direct-Sequence Spread Spectrum (DSSS) - Prevents interference by spreading the signal over the frequency range or bandwidth. DSSS technology multiplexes chunks of data over several frequencies so that multiple devices can communicate without interference. Each device has a special code that identifies its data packets and all others are ignored. Cisco wireless 802.11b/g products use DSSS technology to support multiple devices on the WLAN.
Orthogonal Frequency Division Multiplexing (OFDM) - Transmits signals by using RF. OFDM is a physical-layer encoding technology that breaks one high-speed data carrier into several lower-speed carriers to transmit in parallel across the RF spectrum. OFDM, when used with 802.11g and 802.11a, can support data rates as high as 54 Mbps.
The following table provides a comparison of data rates, number of channels, and modulation technologies by IEEE standard.
Table 2 Data Rates, Number of Channels, and Modulation Technologies by IEEE Standard
1, 2, 5.5, 11 Mbps
6, 9, 12, 18, 24, 36, 48, 54 Mbps
6, 9, 12, 18, 24, 36, 48, 54 Mbps
20 MHz Channels: 7 - 72 Mbps
40 MHz Channels: 15 - 150 Mbps
13 or 24
AP Channel and Domain Relationships
APs transmit and receive RF signals over channels within the 2.4 GHz or 5 GHz frequency band. To provide a stable wireless environment and reduce channel interference, you must specify nonoverlapping channels for each AP. The recommended channels for 802.11b and 802.11g in North America are 1, 6, and 11.
In a noncontroller-based wireless network, Cisco recommends that you statically configure channels for each AP. Some channels may need to be statically configured if there is an intermittent interferer to avoid disruptions in that area. If your wireless network uses a controller, use the Auto-RF feature with minimal voice disruption.
Bluetooth enables low-bandwidth wireless connections within a range of 30 feet (10 meters). The best performance is in the 3-to 6-foot (1- to 2-meter) range. Bluetooth wireless technology operates in the 2.4 GHz band which is the same as the 802.11b/g/n band. There can be a potential interference issues with Bluetooth devices, microwave ovens, cordless phones, and large metal objects; therefore, Cisco recommends that you use 802.11a or 802.11.n that operates in the 5 GHz band.
Cisco Cius uses the same APs as wireless data devices. However, voice traffic over a WLAN requires different equipment configurations and layouts than a WLAN that is used exclusively for data traffic. Data transmission can tolerate a higher level of RF noise, packet loss, and channel contention than voice transmission. Packet loss during voice transmission can cause choppy or broken audio and make the phone call inaudible. Packet errors can also cause blocky or frozen video.
Because Cisco Cius users move from location to location, RF coverage needs to include stairwells, elevators, quiet corners, outside conference rooms, and passageways. To ensure good voice quality and optimal RF signal coverage, you must perform a site survey. The site survey determines what AP platform, antenna type, AP placement, Tx power levels, channel, and data rates are best for this environment. Ensure that all required areas are surveyed so adequate coverage is provided.
After deploying and using wireless voice, continue to perform postinstallation site surveys. When you add a group of new users, install more equipment, or stack large amounts of inventory, you are changing the wireless environment. A postinstallation survey verifies that the AP coverage is still adequate for optimal voice communications.
Packet loss can occur during roaming; however, the security mode and the presence of fast roaming depicts how much packet loss occurs during transmission. Cisco recommends implementing Cisco Centralized Key Management (CCKM) to enable fast roaming.
At startup, Cisco Cius scans the channels for remembered profiles. Cisco Cius performs active scans (for remembered profiles) and passive scans (for broadcasted WLANs). Cisco Cius uses the Received Signal Strength Indicator (RSSI) variable to determine the best AP. RSSI measures the signal strength of available APs within the RF coverage area. Cisco Cius attempts authentication to a frequency band based on the 802.11 mode configuration for the discovered WLAN:
Auto - Cisco Cius connects to the AP with the highest RSSI value
5 GHz - Cisco Cius associates with 5 GHz channels
2.4 GHz - Cisco Cius associates with 2.4GHz channels
Cisco Cius associates with the AP with the highest RSSI that has matching SSID and encryption types. To ensure that voice traffic is handled properly, you must configure the correct QoS in the AP.
Voice and video traffic on the Wireless LAN, like data traffic, is susceptible to delay, jitter, and packet loss. These issues do not impact the data user, but have serious implications for a voice call. To ensure that voice traffic receives timely and reliable treatment with low delay and low jitter, you must implement QoS and use separate virtual LANs (VLANs) for voice/video and data. By isolating the voice and video traffic onto a separate VLAN, you can use QoS to provide priority treatment for voice and video packets when they travel across the network. Also, use a separate VLAN for data traffic, not the default native VLAN, which is typically used for all network devices.
Cisco recommends the following VLANs on the network switches and the APs that support voice and video connections on the WLAN:
Voice/Video VLAN - Voice traffic to and from Cisco Cius
Data VLAN - Data traffic to and from other wireless devices
Native VLAN - AP management
Assign separate SSIDs to the voice/video and to the data VLANs. If you configure a separate management VLAN in the WLAN, do not associate an SSID with the management VLAN.
By separating Cisco Cius devices into a voice VLAN and marking voice packets with higher QoS, you can ensure that voice traffic gets priority treatment over data traffic, resulting in lower packet delay and fewer lost packets.
Unlike wired networks with dedicated bandwidths, traffic direction is important for wireless LANs when implementing QoS. Traffic is classified as upstream or downstream from the AP as shown in the following illustration.
Figure 2. Voice traffic in a wireless network
Beginning with Cisco IOS release 12.2(11)JA, Cisco Aironet APs support the contention-based channel access mechanism called Enhanced Distributed Coordination Function (EDCF). The EDCF type of QoS has up to eight queues for downstream (toward the 802.11b/g clients) QoS. You can allocate the queues based on these options:
Differentiated Services Code Point (DSCP) settings for the packets
Layer 2 or Layer 3 access lists
VLANs for specific traffic
Dynamic registration of devices
Although you can have up to eight queues on the AP, Cisco recommends that you use only two queues for voice traffic to ensure the best possible voice QoS. Place voice (RTP) and signaling (SIP) traffic in the highest-priority queue, and place data traffic in a best-effort queue. Although 802.11b/g EDCF does not guarantee that voice traffic is protected from data traffic, you get the best statistical results by using this queuing model. The queues are:
Best Effort (BE) - 0, 3
Background (BK) - 1, 2
Video (VI) - 4, 5
Voice (VO) - 6, 7
Call Control (SIP) is sent as UP4 (VI). Video is sent as UP5 (VI) when Admission Control Mandatory (ACM) is disabled for video (Traffic Specification [TSpec] disabled). Voice is sent as UP6 (VO) when ACM is disabled for voice (TSpec disabled).
The following table provides a QoS profile on the AP giving priority to voice, video, and call control (SIP) traffic.
Table 3 QoS Profile and Interface Settings
To improve reliability of voice transmissions, Cisco Cius supports the IEEE 802.11e industry standard and is Wi-Fi Multimedia (WMM) capable. WMM enables differentiated services for voice, video, best-effort data, and other traffic. However, in order for these differentiated services to provide sufficient QoS for voice packets, only a certain amount of voice bandwidth can be serviced or admitted on a channel at one time. If the network can handle N voice calls with reserved bandwidth, when the amount of voice traffic is increased beyond this limit (to N+1 calls), the quality of all calls suffers.
To help address issues with VoIP call quality, an initial Call Admission Control (CAC) scheme is required. With SIP CAC enabled on the WLAN, QoS is maintained in a network overload scenario by ensuring that the number of active voice calls does not exceed the configured limits on the AP. During times of network congestion, the system maintains a small bandwidth reserve so wireless phone clients can roam into a neighboring AP, even when the AP is at "full capacity." After reaching the voice bandwidth limit, the next call is load-balanced to a neighboring AP without affecting the quality of the existing calls on the channel.
Cisco Cius utilizes TCP for SIP communications and Cisco Unified Communications Manager registrations could potentially be lost if an AP is at full capacity. Frames to or from a client that has not been "authorized" via CAC can be dropped, leading to Cisco Unified Communications Manager de-registration. Therefore it is recommended to disable SIP CAC.
Implementing QoS in the connected Ethernet switch is highly desirable to maintain good voice quality. The Class of Service (COS) and DSCP values that Cisco Cius sets do not need to be modified.
The DSCP, COS and WMM UP markings correctly display for the optimum transmission of video frames. Cisco Cius does not support Voice and Video CAC; Cisco recommends that you implement SOP CAC.
Interacting with Cisco Unified Communications Manager
Cisco Unified Communications Manager is the call control component in the network that handles and routes calls for the wireless IP phones, including Cisco Cius. Cisco Unified Communications Manager manages the components of the IP telephony system - Cisco Cius devices, access gateways, and the resources - for such features as call conferencing and route planning. When deploying Cisco Cius on a wireless LAN, you must use Cisco Unified Communications Manager Release 8.5 or later and the SIP protocol.
You can find more information about configuring Cisco Unified Communications Manager to work with Cisco Cius and IP devices in the Cisco Unified Communications Manager Administration Guide, Cisco Unified Communications Manager System Guide, and Cisco Cius Wireless LAN Deployment Guide.
Security for Voice Communications in WLANs
Because all WLAN devices that are within range can receive all other WLAN traffic, securing voice communications is critical in WLANs. To ensure that voice traffic is not manipulated or intercepted by intruders, Cisco Cius and Cisco Aironet APs are supported in the Cisco SAFE Security architecture. For more information about security in networks, See http://www.cisco.com/en/US/netsol/ns744/networking_solutions_program_home.html.
Cisco Secure Access Control Server Certificate Setup
Cisco Secure Access Control Server (ACS) is an authentication server that uses EAP-TLS and PEAP authentication protocols and digital certification to ensure the protection and validity of authentication information. For each EAP authentication method, certificate(s) must be installed and correctly configured.
ACS Certificates are configured in the ACS Certificate Setup page below.
The server certificate installation must adhere to the following guidelines:
Installation is performed using the Install ACS Certificate configuration page.
The certificate usually contains two files: server.pem and server_privatekey.crt with a private key password.
The root certificate authority (CA) must be configured using the ACS Certification Authority Setup configuration page.
The root CA must be a trusted CA in the Edit Certificate Trust List configuration page.
If the server certificate is created using an intermediate CA, the root CA must be configured for every CA in the chain between the root CA and the server certificate. This also applies to a user certificate created using an intermediate CA. The following are examples of using intermediate CAs:
Wi-Fi-Root-CA is the root CA.
Wi-Fi-Intermediate-CA-srv is the intermediate CA (signed by Wi-Fi-Root-CA) that signed the server certificate to be installed on ACS.
Wi-Fi-Intermediate-CA-sta is the CA certificate that signed the user certificate to be installed on the client (Cius).
In addition to the certificate setup, a user account that matches the common name of the user certificate must be created.
All the CA certificates in the certificate chain need to be installed and trusted as shown below.
Figure 3. Installed and Trusted CA Certificates
PEAP-GTC and PEAP-MSCHAPV2 Setup
All CA certificates in the certificate chain need to be installed and trusted. A user account must be created , which can have the same user ID as in the AD.
An example of EAP-TLS, PEAP-GTC and PEAP-MSCHAPV2 setup in System Configuration -> Global Authentication Setup is shown below.
To ensure that voice traffic is secure, Cisco Cius supports the following encryption methods:
AES (Advanced Encryption Scheme)
TKIP/MIC (Temporal Key Integral Protocol/Message Integrity Check)
WEP (Wired Equivalent Protocol) 40/64 and 104/128 bit
Voice over the Wireless LAN (VoWLAN) via Outdoor MESH technology (Cisco 1500 Series) is not supported.
Third-party access points are not fully supported or certified because no testing is performed to guarantee interoperability. However, if the access point is Wi-Fi compliant, basic interoperability should be available. Some features, such as CCX, and other key features, such as WMM, Unscheduled Auto Power Save Delivery (U-APSD), Dynamic Transmit Power Control (DTPC), proxy ARP, 802.11d, 802.11e, 802.11i, 802.11h, and CCKM may not be available.
Ensure that the Wi-Fi coverage in the location where the wireless is deployed is suitable for transmitting video and voice packets. See the Cisco Cius Wireless LAN Deployment Guide, which includes the following configuration sections:
Configuring Cisco Unified Communications Manager
Configuring the Cisco Wireless LAN Controller and Access Points
Configuring Cisco Cius
Before Cisco Cius can connect to the WLAN, you must configure the network profile for Cisco Cius with the appropriate WLAN settings. You can use the Network Setup menu on Cisco Cius to access the WLAN Setup submenu and set up the WLAN configuration. For instructions, see the Wireless and Network Settings Menu.