Badge Properties Editor / Using the Badge Properties Editor |
This section lists the badge properties that you can configure using the BPE on your B3000 Badge.
Enter information or check the following badge properties:
Fields | Description |
---|---|
Profiles | |
Selected Profiles | Specifies the name of the profile you selected to control general behavior. You must use the profiles.txt files for environments that require more than one wireless profile in a dynamic campus-type setting. |
Create Profile | Allows you to create a new profile to control general behavior. |
General Settings | |
Server IP Address* |
Specifies the IP address of the computer that runs the Vocera Voice Server. This is a required field. Use dotted-decimal notation to specify this value. For example, 192.168.3.7. If you are configuring a cluster, enter the IP address of each machine in the cluster, separated by commas, with no spaces. Note: Do not enter more than four comma-separated IP addresses. The
Vocera Voice Server supports a maximum
of four cluster nodes.
|
SSID* |
Specify an SSID other than vocera (all lower-case) for your production server. Badges are factory-programmed to use the vocera SSID to establish a wireless connection to the configuration computer that you have set up for your Vocera system. |
Hide Boot Menus |
Specifies the option to prevent configuration menus to be displayed on a badge. The menus provide access to powerful utilities for maintenance and troubleshooting. Use these utilities only when you are working with Vocera Technical Support. Note: This property is ignored by the B3000 and B3000n badges, with
menus always hidden.
|
Group Mode |
Specifies the option to ensure noise-canceling microphones are turned off while users are on a call. Group Mode widens the speech zone, allowing additional people to speak into the primary microphone of the badge. Uncheck this option if you want to eliminate background noise when users are on a call. Note: B3000 and B3000n users can change the Group Mode setting on
their badges, overriding the default.
|
Reset Volume to Default |
Specifies the option to reset the default volume at boot-up. Otherwise, the previous volume setting is maintained at boot-up. |
Security Settings | |
Enable FIPS |
Specifies the option to enable the badge cryptographic security module to run in a secure mode that conforms with Federal Information Processing Standard (FIPS) 140-2. When Enable FIPS field is checked, it requires WPA2-PSK, WPA2-PEAP, or WPA2-TLS.
|
Authentication Type | |
Open | Specifies that your wireless network does not require authentication. |
LEAP | Specifies that your wireless network implements the Cisco LEAP protocol for authentication. |
Username and Password* |
Enter appropriate values in the Username and Password fields if your network uses either LEAP, WPA-PEAP, or EAP-FAST authentication. If your network uses EAP-TLS authentication with external certificates (instead of the Vocera Manufacturer Certificates), enter a value for the Username field but not the Password field. Otherwise, skip both these fields. Each badge on a Vocera Voice Server must use the same username and password. The username format depends on the requirements set by the RADIUS authentication server. For example, when you use LEAP with Cisco ACS and Windows Active Directory, enter domain \ userid in the Username field, where domain is a Windows domain name and userid identifies the user. Other RADIUS servers may require the username only. The password value is case sensitive. You can use initial or embedded spaces in either of these values; trailing spaces cause an error message when the values are saved. The badge supports a maximum of 128 alphanumeric characters for the Username and 32 alphanumeric characters for the Password. In addition, the badge supports the following characters for LEAP passwords: ^ # ! * @ % & $ Note: If you are using EAP-FAST authentication and you change
the username or password values, you must also generate a
new PAC file. With manual PAC provisioning,
you must generate a new PAC file on the
Cisco ACS and copy it to the Vocera Voice Server and the Vocera
configuration computer. With automatic PAC provisioning, you
must restore the factory settings on the badge and
reconfigure it. When the badge reconnects, it retrieves the
new PAC file automatically from the
ACS.
|
WPA-PSK | Specifies that your wireless network uses the WiFi Protected Access Pre-Shared Key protocol for authentication. |
Pre shared Key |
If Authentication Type is set to WPA-PSK, the pre-shared field appears. The pre-shared key that the badge supplies for authentication is a 64-character, hexadecimal value. |
WPA-PEAP | Specifies that your wireless network uses the WiFi Protected Access Protected Extensible Authentication Protocol for authentication. |
EAP-FAST | Specifies that your wireless network uses Extensible Authentication Protocol-Flexible Authentication through Secure Tunneling for authentication. EAP-FAST authentication enables you to select between automatic or manual PAC provisioning. |
Enable Auto-PAC | Specifies the option to enable automatic download of a PAC from the Cisco ACS, and the ACS periodically refreshes the PAC to ensure it does not expire. To take advantage of automatic PAC provisioning, you must configure badges correctly by setting Auto-PAC properties. If you enable manual PAC provisioning, you must create a .pac file on the Cisco ACS and copy it to the Vocera Voice Server and the Vocera configuration computer. |
Provision Auto-PAC on Expire |
Specifies the option to enable automatic provisioning of a new PAC when it expires. If this property is unchecked, a badge with an expired PAC displays the following message: "Expired or invalid PAC credentials." Note: This message appears only if a badge has been powered off or
did not roam at all for a while and the master key and the
retired master key on the Cisco ACS have expired. If this
happens, the badge must to be reconfigured.
To take advantage of this feature, you must also select EAP-FAST authentication. |
Auto-PAC Provision Retry Count |
Specifies the option to limit the number of times a badge attempts to retry retrieving a PAC from the Cisco ACS after the first attempt failed. For example, the badge attempts to retry retrieving a PAC due to wireless network problems. Select a number from 0 to 5. If a badge exceeds the retry count, it displays the following message: Too many retries for Auto-PAC provisioning. By default, this property is set to 0 (indicates no retries). To take advantage of this feature, you must also select EAP-FAST authentication. |
EAP-TLS |
Specifies that your wireless network uses Extensible Authentication Protocol-Transport Layer Security for authentication. Check the EAP-TLS field to enable the badge to use custom EAP-TLS certificates rather than Vocera Manufacturer Certificates. If you use custom EAP-TLS certificates, you must generate your self-signed certificates or obtain them from a trusted Certificate Authority (CA). If you check this box, additional configuration is required. You must install client-side certificates on the Vocera Voice Server and the configuration computer, install the server-side certificates on your authentication server, configure your authentication server for EAP-TLS. Alternatively, uncheck this box to use the Vocera Manufacturer Certificates. Vocera badges are preconfigured with EAP-TLS client certificates that are automatically downloaded from the Vocera Voice Server or the Badge Configuration Computer. Vocera Manufacturer Certificates use 2048-bit RSA keys that provide excellent security for enterprise and conform to industry standards and NIST recommendations. If you decide to use Vocera Manufacturer Certificates on the badge, you still need to install Vocera Voice Server-side certificates on your authentication server. For more information on security certificates, refer to Vocera Device Configuration Guide. |
Use Custom EAP-TLS Certificates |
Specifies the option to enable the badge to use custom EAP-TLS certificates rather than Vocera Manufacturer Certificates. If you use custom EAP-TLS certificates, you must generate your self-signed certificates or obtain it from a trusted Certificate Authority (CA). If you check this box, additional configuration is required. You must install client-side certificates on the Vocera Voice Server and the configuration computer, install the server-side certificates on your authentication server, configure your authentication server for EAP-TLS, and specify the Username and Client Key Password properties. Alternatively, uncheck this box to use the Vocera Manufacturer Certificates. Vocera badges are preconfigured with EAP-TLS client certificates that are automatically downloaded from the Vocera Voice Server or the Badge Configuration Computer. Vocera Manufacturer Certificates use 2048-bit RSA keys that provide excellent security for enterprise and conform to industry standards and NIST recommendations. If you decide to use Vocera Manufacturer Certificates on the badge, you still need to install Vocera Voice Server-side certificates on your authentication server. This property is available only when the Authentication property is set to EAP-TLS. |
Encryption Type |
The encryption types available are:
Use hexadecimal characters to enter the key that the access point is using. |
Wireless Settings | |
2.4 GHz Channels | |
Set to Defaults (1, 6, 11) |
Specifies the option to force badges to scan the three non-overlapping 2.4 GHz channels of 1, 6, and 11. |
Specify Channels |
Specifies the option to specify up to four arbitrary channels to scan. If the access points on your network are set either to four channels, three channels, or to fewer than three channels other than 1, 6, and 11, select Specify Channels and enter the specific channel numbers in a comma-separated list. Ensure that you specify only channels that are supported for your locale. |
Roaming Policy |
The Roaming Policy property specifies how quickly a badge searches for an access point when signal quality drops. Higher values cause a badge to search sooner and may correct problems with choppy audio. However, a badge cannot send or receive audio packets while searching for an access point, as communication may be interrupted. Lower values allow a badge to tolerate lower signal quality before searching. The optimal threshold value varies from one 802.11 network to another, depending on how the network is configured. Select a value from 1 to 5. The default value is 2. |
CCKM |
Check
CCKM box if you want to enable Cisco
Certified Key Management. CCKM is a form of fast roaming supported on Cisco access points and various routers. Using CCKM, Vocera devices can roam from one access point to another without any noticeable delay during reassociation. After the RADIUS authentication server initially authenticates a Vocera device, each access point on your network acts as a wireless domain service (WDS) and caches security credentials for CCKM-enabled client devices. When a Vocera device roams to a new access point, the WDS cache reduces the time it needs to reassociate. To take advantage of this feature, your access points must also support CCKM, and you must use either LEAP, WPA-PEAP, EAP-FAST, or EAP-TLS authentication. |
802.11d | Check 802.11d box if you are in a country where systems that use other standards in the 802.11 family are not allowed to operate. |
Custom Settings | |
B3.BroadcastUsesIGMP | Vocera broadcast is implemented as IP Multicast. If broadcast commands must cross a subnet, IGMP must be supported in the switch or router. Set this property to TRUE. |
B3.ClosedMenus |
Specifies whether the badge configuration menus are hidden, or if they can be easily accessed through the DND button:
|
DefaultHandsetVolume | Lists the default volume level of Privacy Mode when no users are logged in. |
DisplayHandsetMode | Displays Privacy Mode on the badge menu under Settings. |
B2.EnableAPSD |
Specifies whether the badge takes advantage of the Unscheduled Automatic Power Save Delivery Subset (U-APSD) of 802.11e. U-APSD improves power management and potentially increases the talk time of 802.11 clients.
To take advantage of this standard, your access points must support it. Important: Both the B3.EnableAPSD and B3.EnableWMM properties must be set to the same value. |
B3.EnableWMM |
Specifies whether the badge takes advantage of the WiFi Multimedia (WMM) subset of 802.11e. The 802.11e QoS provides standards-based QoS to prioritize voice over data traffic and ensure high-level voice quality.
To take advantage of this standard, your access points must support it, switches and routers must be configured to honor DSCP markings, and the Vocera QoS Manager service must be enabled on the Vocera Voice Server. Important: Both the B3.EnableAPSD and B3.EnableWMM properties must be set to the same value. |
EnableHandsetQuickEntry | Enables Easy Access entry to Privacy mode. |
HandsetMode | Enables or disables Privacy mode using Easy Access. |
HandsetQuickEntryPromptPlay | Plays an audible alert, “Entering Handset Mode” while switching to Privacy Mode using Easy Access. |
B3.InstallDone |
Specifies whether the Badge Properties Editor has performed the initial configuration for a badge:
|
B3.ListenInterval |
An access point broadcasts a management frame called a beacon at a fixed interval (required to be set to 100 ms by Vocera). The B3.ListenInterval property specifies the frequency with which badges "wake up" and listen for a beacon. When the beacon interval is 100 ms and B3.ListenInterval is 5, the default listen interval is 500 ms. |
B3.ResetVolumeToDefault |
Specifies whether the badge resets the volume to the default at boot-up.
|
B3.SubnetMask |
Specifies a subnet mask that indicates the bits in the IP address that correspond to the subnet, using standard dotted notation. For example: 255.255.255.0. You must specify this property if you are using static IP addresses. Leave this field blank if a DHCP server is assigning IP addresses. |
B3.SubnetRoaming |
Specifies whether users can roam across subnet boundaries while using badges. If subnet roaming is enabled, a badge automatically obtains a new IP address as a badge user makes the transition to an access point on a different subnet. If you enable subnet roaming, you must use a DHCP server to supply your IP addresses. TRUE specifies that the access points on your wireless LAN are divided into multiple subnets, and if you want to allow users to roam across subnet boundaries. FALSE specifies that all the access points on your wireless LAN are within a single subnet. Set this property to minimize DHCP traffic and reduce the chance of a momentary loss of audio when roaming between access points. The subnet where the Vocera Voice Server is located is not relevant to this property. |