Wednesday, January 30, 2008

Cisco and Nokia Dual-Mode for Dummies



Finally I succeeded in configuring my dual-mode Nokia e65 as a SCCP client for our Cisco Unified Communication Manager 6.

As it wasn't simple at all to set up the Nokia to use the Cisco's recommended WLAN security configuration I publish here the result of two days of tweaking on both Cisco WLC and my Nokia e65.

Cisco says (link here) :
The optimal configuration for the controller configuration for the WLAN supporting Cisco Unified Wireless IP Phone 7921s is for the WPA security protocol with TKIP encryption and IEEE 802.1X with CCKM key management.
So, here's how my WLC looks like (seen from WCS) :







Note : I've seen on some document from Nokia that broadcasted SSIDs work better on e-series devices than hidden ones.

Now the Nokia side of the problem. Just remember two things :

1) Not everything it's in the e65 menu means exactly what you think it should mean.
2) Disable every protocol, setting or cipher algorithm you do not use!

First of all you should have your corporate root Certificate installed in your phone. I got it from my Outlook Web Access, navigating from the phone, using my GPRS access obviously.

Remind to have an Internet access (via GPRS or via another WLAN access), you'll need it to activate your free license for Intellisync unless you have the definitive license at your very first activation (not my case).

Now get in the Tools->Connection->Access points->Options->New access point.
Here's my working configuration

-Connection name : VoWLAN
-Databearer : Wireless WAN
-WLAN netw. name: [Your SSID here]
-Network status: Public
-WLAN netw. mode: Infrastructure
-WLAN security mode: 802.1x (NOT WPA/WPA2)
-WLAN security settings :
--WPA mode: EAP
--EAP plug-in settings:
---EAP-PEAP (select only this, put in the higher position and disable all the others) :

---General:
----User certificate: not defined
----CA certificate: [Your Corporate Certificate here]
----User name in use: User-configured
----User name: [Your user name]
----Realm in use: User-configured
----Realm: [balnk]
----Allow PEAPv0 : Yes
----Allow PEAPv1 : Yes
----Allow PEAPv2 : No

---EAP:
----EAP-MSCHAPv2 (select only this, put in the higher position and disable all the others) :
-----User name: [Realm]\[Your user name]
-----Prompt password: No
-----Password: [Your password]

---Cipher:
----RSA,3DES,SHA [enabled]
----DHE-RSA,3DES,SHA [enabled]
----DHE-DDS,3DES,SHA [enabled]
----[disable alle the others]

et voilĂ , now your WLAN connection is ok.

Next steps are simpler, and all illustrated on the Nokia businness website i.e. :

Install the Cisco option package (COP) file for Nokia Intellisync Call Connect for Cisco clients in your Communications Manager.

Install the Nokia Intellisync Call Connect for Cisco clients in your Nokia e65.

Activate (via Internet) or install your license.

Configure the SCCP Profile for using your brand new WLAN connection. (instructions here)

Configure the Internet Telephony Profile to use the SCCP profile. (instructions here)

The End.

08-20-2008 Update :

Here's a follow up to implement CCKM support.