Your customer is having wireless VoIP problems.
When the Cisco 7925 phones roam from AP1 to AP2, the voice drops out and comes back.
The phones are set up for PEAP/WPA1-AES with CCKM to an external RADIUS server.
The APs and WLAN are set up in FlexConnect mode.
Which statement explains the issue?
Click on the arrows to vote for the correct answer
A. B. C. D.C.
Fast Secure Roaming via CCKM is supported only among APs within the same FlexConnect group.As the number of APs within a Flex group is limited (for example, on the 5508 WLC, to 25 APs), FlexConnect is not suited to large deployments.
https://www.cisco.com/c/en/us/support/docs/collaboration-endpoints/unified-wireless-ip-phone-7925g/200032-How-to-get-your-792x-wireless-phones-The issue is likely related to the FlexConnect mode of the APs and the CCKM ( Cisco Centralized Key Management) configuration with PEAP/WPA1-AES on the phones.
FlexConnect is a wireless deployment mode in which access points (APs) can provide wireless services while disconnected from the central controller. In FlexConnect mode, APs can cache user credentials and perform client authentication locally. This is different from the centralized deployment mode, where APs rely on the central controller for user authentication.
CCKM ( Cisco Centralized Key Management) is a wireless security protocol that allows APs to pre-cache and distribute pairwise master keys (PMKs) to wireless clients, allowing for fast and secure roaming between APs.
PEAP (Protected Extensible Authentication Protocol) is a security protocol that provides an encrypted tunnel between a wireless client and an authentication server (in this case, an external RADIUS server) for user authentication.
WPA (Wi-Fi Protected Access) is a security protocol that provides data encryption and user authentication for wireless networks. WPA1-AES (Advanced Encryption Standard) is a specific encryption method used with WPA that provides stronger encryption than the original WPA-TKIP (Temporal Key Integrity Protocol).
Based on the information provided, the issue may be related to the compatibility of PEAP/WPA1-AES with CCKM in FlexConnect mode.
Option A suggests that PEAP with WPA-AES is not supported with CCKM and recommends using EAP-FAST (Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling) instead. However, this option does not specify any issue related to FlexConnect mode, and it is unclear whether EAP-FAST is compatible with FlexConnect.
Option B suggests that the APs have been added to the FlexConnect group, which is the correct configuration for APs in FlexConnect mode. However, this option does not explain the issue with VoIP calls dropping when the phones roam between APs.
Option C suggests that the APs have not been added to the FlexConnect group. This would be an incorrect configuration for APs in FlexConnect mode and could cause issues with client authentication and roaming. However, this option does not explain the issue with VoIP calls dropping when the phones roam between APs.
Option D suggests that PEAP with WPA2-AES is not supported with CCKM and recommends using LEAP (Lightweight Extensible Authentication Protocol) instead. However, this option does not address the issue with PEAP/WPA1-AES in FlexConnect mode.
Therefore, based on the information provided, option A is the most likely explanation for the issue with wireless VoIP calls dropping when the Cisco 7925 phones roam between APs in FlexConnect mode with CCKM and PEAP/WPA1-AES.