Interoperability Report - Ascom i62 Cisco WLC AP 1140/1250/1260/1600/2600/2700/3500/3600/3700. 1 2014-12-02

INTEROPERABILITY REPORT Ascom i62 Cisco 3650/3850/5760 AP1140/1250/1260/1600/2600/2700/3500/3600/3700 Cisco IOS XE version 03.03.04

Ascom i62 and OEM derivatives version 5.2.8

Ascom, Gothenburg

November 2014

[ ]

Interoperability Report - Ascom i62 Cisco WLC AP 1140/1250/1260/1600/2600/2700/3500/3600/3700. 2 2014-12-02

TABLE OF CONTENT: INTRODUCTION ........................................................................................................................... 3

About Ascom ............................................................................................................................ 3About Cisco .............................................................................................................................. 3

SITE INFORMATION .................................................................................................................... 4SUMMARY AND TEST RESULTS ................................................................................................ 5

Known issues ............................................................................................................................ 6Compatibility information .......................................................................................................... 6General conclusion ................................................................................................................... 6

APPENDIX A: TEST CONFIGURATIONS .................................................................................... 7Cisco Catalyst 3850 version 03.03.04 ...................................................................................... 7

Security settings (PSK) ......................................................................................................... 8802.1X authentication (PEAP-MSCHAPv2, EAP-FAST or EAP-TLS). ................................. 9WLAN Settings (QoS, DTIM, Session Timeout) .................................................................. 12Radio Settings ..................................................................................................................... 13

Ascom i62 ............................................................................................................................... 16Innovaphone IP6000 (IP PBX) ................................................................................................ 19

APPENDIX B: DETAILED TEST RECORDS .............................................................................. 20

Interoperability Report - Ascom i62 Cisco WLC AP 1140/1250/1260/1600/2600/2700/3500/3600/3700. 3 2014-12-02

INTRODUCTION This document describes necessary steps and guidelines to optimally configure the Cisco WLC platform with Ascom i62 VoWiFi handsets.

The guide should be used in conjunction with both Cisco and Ascoms configuration guide(s).

About Ascom

Ascom Wireless Solutions (www.ascom.com/ws) is a leading provider of on-site wireless communications for key segments such as hospitals, manufacturing industries, retail and hotels. More than 75,000 systems are installed at major companies all over the world. The company offers a broad range of voice and professional messaging solutions, creating value for customers by supporting and optimizing their Mission-Critical processes. The solutions are based on VoWiFi, IP-DECT, DECT, Nurse Call and paging technologies, smartly integrated into existing enterprise systems. The company has subsidiaries in 10 countries and 1,200 employees worldwide. Founded in the 1950s and based in Gteborg, Sweden, Ascom Wireless Solutions is part of the Ascom Group, listed on the Swiss Stock Exchange.

About Cisco Cisco (NASDAQ: CSCO) is the worldwide leader in IT that helps companies seize the opportunities of tomorrow by proving that amazing things can happen when you connect the previously unconnected. For ongoing news, please go to http://thenetwork.cisco.com.

Interoperability Report - Ascom i62 Cisco WLC AP 1140/1250/1260/1600/2600/2700/3500/3600/3700. 4 2014-12-02

SITE INFORMATION

Test Site: Ascom US 598 Airport Blvd, Suite 300 Morrisville, NC, US-27560 USA Participants: Karl-Magnus Olsson, Ascom HQ, Gothenburg Sweden TEST TOPOLOGY

Interoperability Report - Ascom i62 Cisco WLC AP 1140/1250/1260/1600/2600/2700/3500/3600/3700. 5 2014-12-02

SUMMARY AND TEST RESULTS Please refer to Appendix B for detailed results. WLAN Controller Features

High Level Functionality Result Association, Open with No Encryption OK Association, WPA-PSK, TKIP OK Association, WPA2-PSK, TKIP / AES Encryption OK Association, PEAP-MSCHAPv2 Auth., AES Encryption OK Association with EAP-FAST authentication OK Association, Multiple ESSIDs OK Beacon Interval and DTIM Period OK PMKSA Caching OK* WPA2-opportunistic/proactive Key Caching OK* WMM Prioritization OK Active Mode (load test) OK 802.11 Power-save mode OK 802.11e U-APSD OK 802.11e U-APSD (load test) OK *) Enabled by default Roaming

High Level Functionality Result Roaming, Open with No Encryption OK (typical roaming time 27ms) * Roaming, WPA-PSK, TKIP Encryption Not Tested Roaming, WPA2-PSK, AES Encryption OK (Typical roaming time 50ms)* Roaming, PEAP-MSCHAPv2 Auth, AES Encryption OK (Typical roaming time 57ms)* /**Roaming, EAP-FAST, CCKM OK (Typical roaming time 43ms)* *) Average roaming times are measured using 802.11b/g/n on AP3700. Refer to Appendix B for detailed test results * *) Measured times is with opportunistic/proactive Key Caching enabled (default enabled)

Interoperability Report - Ascom i62 Cisco WLC AP 1140/1250/1260/1600/2600/2700/3500/3600/3700. 6 2014-12-02

Known issues

- CAC/TSPEC. Downlink voice data packets incorrectly tagged (Best Effort instead of Voice) when Call Admission Control is enabled. Its critical for the user experience that the voice data is correctly prioritized. We can therefore not recommend using Call Admission Control until this issue is resolved.

For additional information regarding known issues, please contact interop@ascom.se

Compatibility information Supported access points with Cisco IOS XE 03.03.04: AP1140, AP1250, AP1260 AP1600, AP2600, AP2700 AP3500, AP3600, AP3700 Supported controller platforms with Cisco IOS XE 03.03.04: Cisco Catalyst integrated switch 3650 and 3850 Cisco Wireless Lan Controller 5760

General conclusion With exception of the problem with priority tagging in association with CAC the overall the outcome of interoperability verification, including association, authentication capacity test and roaming produced very good results.

Interoperability Report - Ascom i62 Cisco WLC AP 1140/1250/1260/1600/2600/2700/3500/3600/3700. 7 2014-12-02

APPENDIX A: TEST CONFIGURATIONS

Cisco Catalyst 3850 version 03.03.04 In the following chapter you will find screenshots and explanations of basic settings in order to get a Cisco IOS XE based WLAN system to operate with an Ascom i62.

System overview.

Interoperability Report - Ascom i62 Cisco WLC AP 1140/1250/1260/1600/2600/2700/3500/3600/3700. 8 2014-12-02

Security settings (PSK) Example of how to configure the system for PSK (WPA2-AES)

Security profile WPA2-PSK, AES encryption

- Select PSK and enter a key (Here in ASCII format) 3850(config-wlan)# security wpa wpa2 3850(config-wlan)# security wpa wpa2 ciphers aes 3850(config-wlan)#security wpa akm psk set-key ascii 0 SecretKey

Interoperability Report - Ascom i62 Cisco WLC AP 1140/1250/1260/1600/2600/2700/3500/3600/3700. 9 2014-12-02

802.1X authentication (PEAP-MSCHAPv2, EAP-FAST or EAP-TLS). Example of how to configure the system for .1X authentication

Configuration of authentication using external Radius sever, 802.1X (Step 1). In this example is WPA2-AES/CCMP used. Note. To use CCKM, replace 802.1X with CCKM in the drop down list. The security mode in the i62 has to be set to Advanced and CCKM has to be selected as Authentication Key Management instead of the default 802.11X.

Example of authentication configuration using external RADIUS sever (Step 2). Select the server Group to use. The server is configured under tab Security/RADIUS. See configuration of server in next step.

Interoperability Report - Ascom i62 Cisco WLC AP 1140/1250/1260/1600/2600/2700/3500/3600/3700. 10 2014-12-02

Configuration of authentication using external RADIUS sever (Step 3). The IP address and the secret must correspond to the IP and the credential used by the Radius server. All test involving dot1X security were using Cisco ACS version 5.5.

Create a RADIUS server group. Make sure your RADIUS server from step 3 is selected as an Assigned Server.

Interoperability Report - Ascom i62 Cisco WLC AP 1140/1250/1260/1600/2600/2700/3500/3600/3700. 11 2014-12-02

Create RADIUS server (Intop_ACS) 3850(config)#aaa group server radius Intop_ACS 3850(config-radius-server)#address ipv4 192.168.0.93 auth-port 1812 acct-port 1813 3850(config-radius-server)#key YourKey Create RADIUS server Group (Intop) and assign your Radius Server (Intop_ACS) 3850(config)#aaa group server radius Intop 3850(config-sg-radius)#server name Intop_ACS Enable dot1X 3850(config)#dot1x system-auth-control Configure WLAN 3850(config-wlan)#security wpa wpa2 ciphers aes 3850(config-wlan)#security dot1x authentication-list Intop 3850(config-wlan)#security wpa akm