SpectraLink NetLink Wireless Telephones Best Practices White Paper Wireless Telephone User Manual


5.1.3 Emerging Security Standards

Recognizing the need for stronger security standards, the IEEE is
developing the 802.11i standard, which is expected to be ratified in late
2004. The 802.11i standard includes stronger encryption, key
management, and authentication mechanisms. An interim solution
endorsed by the Wi-Fi Alliance is Wireless Protected Access (WPA),
which is a subset of the 802.11i standard.

SpectraLink is committed to industry standards and will implement the
802.11i security standard once it is ratified. Depending on the required
components of this standard, an enhanced security method that is
conducive to mobile voice requirements, like the Cisco FSR mechanism,
may be required to provide the best voice quality.

5.2 Utilizing VLANs

Virtual LANs (VLANs) can be used to segregate traffic into different
security classes. By using separate VLANs, data traffic can utilize the
most robust, but process-intensive, security methods.

The 802.1Q standard establishes a method for inserting VLAN
membership information into Ethernet frames via header information
tags. NetLink infrastructure equipment and SpectraLink Voice Priority
are not compatible with 802.1Q tags. The Ethernet switch must remove
802.1Q tags prior to forwarding packets destined for NetLink Telephony
Gateways or a NetLink SVP Server. In other words, the Ethernet switch
ports must not be configured as trunked ports.

5.3 MAC Filtering and Authentication

Access points can be configured to filter certain MAC addresses, which
can be used as a method of securing the wireless LAN. This process
generally works, but does cause some performance issues on some
APs.

A more robust method of using MAC addresses to secure the network
utilizes authentication back to a RADIUS server. In general, the delays
caused by this authentication are not acceptable for voice traffic. Having
the RADIUS server on the local network will help reduce delays, but the
response time of the server may still be an issue. Adding any network
delays will compound the issue. Network administrators should evaluate
whether such delays are great enough to affect the voice quality of
NetLink Wireless Telephones.

5.4 Firewalls and Traffic Filtering

The traffic filtering capabilities of firewalls, Ethernet switches, and
wireless switches can be used as security methods by allowing only
certain types of traffic to pass onto specific areas of the LAN. To
properly provide access control, it is necessary to understand the kind of
IP traffic utilized by the NetLink Wireless Telephones.

When using NetLink Telephony Gateways to interface to a traditional
PBX, the NetLink Wireless Telephones utilize the SpectraLink Radio
Protocol (ID 119). This protocol is on a peer level with TCP and UDP
and does not use the ports that are unique to TCP and UDP.
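
A check covering sections 5.2 and 5.4, added here as an example and not taken from the white paper or from SpectraLink: it inspects frames captured on the switch port facing a NetLink gateway, flags any 802.1Q tag that the switch should have removed, and shows that IP protocol 119 traffic carries no ports, so a filter must match on the protocol number. The function name, MAC and IP addresses, VLAN ID and UDP ports are constructed assumptions.

```python
import struct

TPID_8021Q = 0x8100        # EtherType value that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP, PROTO_SRP = 6, 17, 119   # 119 = SpectraLink Radio Protocol

def inspect_frame(frame: bytes) -> dict:
    """Parse one Ethernet frame seen on the port facing a NetLink gateway."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    result = {"vlan": None, "ip_proto": None, "ports": None, "findings": []}
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        result["vlan"] = tci & 0x0FFF            # low 12 bits of the TCI are the VLAN ID
        result["findings"].append("802.1Q tag present: switch port is not stripping tags")
        offset = 18
    if ethertype != ETHERTYPE_IPV4 or len(frame) < offset + 20:
        return result
    ihl = (frame[offset] & 0x0F) * 4             # IPv4 header length in bytes
    if ihl < 20:
        raise ValueError("bad IPv4 header length")
    proto = frame[offset + 9]                    # IPv4 protocol field
    result["ip_proto"] = proto
    l4 = offset + ihl
    if proto in (PROTO_TCP, PROTO_UDP) and len(frame) >= l4 + 4:
        result["ports"] = struct.unpack_from("!HH", frame, l4)
    elif proto == PROTO_SRP:
        result["findings"].append("SRP (IP protocol 119): no ports, filter on protocol number")
    return result

def _ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal constructed IPv4 header (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9])) + payload

# Constructed sample frames (not captured traffic); MACs are locally administered.
MACS = bytes.fromhex("020000000001020000000002")
UNTAGGED_SRP = MACS + struct.pack("!H", ETHERTYPE_IPV4) + _ipv4(PROTO_SRP, b"\x00" * 8)
TAGGED_UDP = (MACS + struct.pack("!HHH", TPID_8021Q, (5 << 13) | 20, ETHERTYPE_IPV4)
              + _ipv4(PROTO_UDP, struct.pack("!HHHH", 5000, 5002, 8, 0)))

if __name__ == "__main__":
    for name, frame in (("untagged SRP", UNTAGGED_SRP), ("tagged UDP", TAGGED_UDP)):
        print(name, inspect_frame(frame))
```
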

For an IP telephony server interface, the ports that are used depend on
