Security

I am assisting a k12 district in configuring a number of Cisco 7925 wireless hand sets to connect to their Aruba VC. I am unclear if we should use enterprise or personal security and what the corresponding configuration would be on the handset. The phone has the following options: Open, Open+WEP, Shared+WEP, LEAP, EAP-FAST, EAP-TLS, PEAP, Auto(AKM). I would like to keep things as quick and simple as possible without running "Open" and would like to be sure of a solution before making a road-trip to the school. I have already confirmed the phone can connect to the VOIP VLAN, using 128 bit WEP but would like to make it simpler for the end user to configure.

Appreciate any guidance or a document that provides the best answer.

You probably should avoid WEP as is it inherently insecure and by some considered even worse than open. And also your SSID will drop to legacy rates (54Mbps max) as the 802.11n standard does not allow WEP to be used on 11n SSIDs.

If you don't want to go for strong authentication with EAP-TLS, I would check if you can configure WPA2-PSK (pre-shared key, aka WPA2 Personal) That is what I see deployed many times for wireless VoIP phones if TLS is not an option or desirable. 

I probably should have stated this in my original post: I don't see options on the Aruba VC that corrilate with what I have available on the Cisco phone, outside of wep and open. I was hoping there was a way to implement wpa or wpa-2 but neither are an option on the phone.

I don't have such a phone, but found this page that suggests putting the security mode to auto for WPA2.

Can you try that?

That's almost comical... Thank you! it worked!