Fast Secure Roaming for Cisco Unified Wireless IP Phone 7925

E.

To support fast secure roaming with Cisco Unified Wireless IP Phone 7925 running firmware release 1.3.4 on a Cisco Unified architecture, we need to consider the following:

• Opportunistic Key Caching (OKC): This feature enables a fast and seamless handoff between access points (APs) within the same mobility domain by caching the pairwise master keys (PMKs) used during the initial 802.1X authentication process. The cached PMKs can then be reused for subsequent handoffs, reducing the reauthentication time and improving the user experience. However, not all controllers and clients support OKC, so we need to verify if this feature is available.

• Private Key Cryptography (PKC): This feature provides a more secure and scalable method of 802.1X authentication by using public-key cryptography to eliminate the need for pre-shared keys (PSKs) or dynamic key exchange protocols like EAP-FAST. PKC also enables OKC by allowing the AP to securely obtain the PMK from the authentication server without disclosing it to the client. However, PKC requires additional processing power and memory on both the controller and the client, so we need to verify if this feature is supported.

Based on these considerations, the correct answer is F. The 7925 supports PKC, so use WPA2 802.1X. This configuration enables both OKC and PKC, providing the best performance and security for fast secure roaming while maintaining a scalable deployment. Answer A is also technically correct, but it only mentions PKC support on the controller, not on the client, so it may not provide the best performance and security. Answers B, C, D, and E are incorrect because they either do not support OKC or do not use the most secure and scalable authentication method.