B3000 Badge Properties Configuration

This section lists the badge properties that you can configure using the BPE on your B3000 Badge.

Enter information or check the following badge properties:

Fields Description
Profiles
Selected Profiles Specifies the name of the profile you selected to control general behavior. You must use the profiles.txt files for environments that require more than one wireless profile in a dynamic campus-type setting.
Create Profile Allows you to create a new profile to control general behavior.
General Settings
Server IP Address*

Specifies the IP address of the computer that runs the Vocera Voice Server. This is a required field.

Use dotted-decimal notation to specify this value. For example, 192.168.3.7.

If you are configuring a cluster, enter the IP address of each machine in the cluster, separated by commas, with no spaces.

Note: Do not enter more than four comma-separated IP addresses. The Vocera Voice Server supports a maximum of four cluster nodes.
SSID*

Specify an SSID other than vocera (all lower-case) for your production server. Badges are factory-programmed to use the vocera SSID to establish a wireless connection to the configuration computer that you have set up for your Vocera system.

Hide Boot Menus

Specifies the option to prevent configuration menus to be displayed on a badge.

The menus provide access to powerful utilities for maintenance and troubleshooting. Use these utilities only when you are working with Vocera Technical Support.

Note: This property is ignored by the B3000 and B3000n badges, with menus always hidden.
Group Mode

Specifies the option to ensure noise-canceling microphones are turned off while users are on a call. Group Mode widens the speech zone, allowing additional people to speak into the primary microphone of the badge.

Uncheck this option if you want to eliminate background noise when users are on a call.

Note: B3000 and B3000n users can change the Group Mode setting on their badges, overriding the default.
  • For B3000: Group Mode is always off during Genie interactions and broadcasts.
  • For B3000n: Group Mode is automatically enabled when the badge is turned to a 105-degree angle to improve voice recognition.
Reset Volume to Default

Specifies the option to reset the default volume at boot-up. Otherwise, the previous volume setting is maintained at boot-up.

Security Settings
Enable FIPS

Specifies the option to enable the badge cryptographic security module to run in a secure mode that conforms with Federal Information Processing Standard (FIPS) 140-2.

When Enable FIPS field is checked, it requires WPA2-PSK, WPA2-PEAP, or WPA2-TLS.

Authentication Type
Open Specifies that your wireless network does not require authentication.
LEAP Specifies that your wireless network implements the Cisco LEAP protocol for authentication.
Username and Password*

Enter appropriate values in the Username and Password fields if your network uses either LEAP, WPA-PEAP, or EAP-FAST authentication.

If your network uses EAP-TLS authentication with external certificates (instead of the Vocera Manufacturer Certificates), enter a value for the Username field but not the Password field. Otherwise, skip both these fields.

Each badge on a Vocera Voice Server must use the same username and password. The username format depends on the requirements set by the RADIUS authentication server. For example, when you use LEAP with Cisco ACS and Windows Active Directory, enter domain \ userid in the Username field, where domain is a Windows domain name and userid identifies the user. Other RADIUS servers may require the username only.

The password value is case sensitive. You can use initial or embedded spaces in either of these values; trailing spaces cause an error message when the values are saved.

The badge supports a maximum of 128 alphanumeric characters for the Username and 32 alphanumeric characters for the Password. In addition, the badge supports the following characters for LEAP passwords:

^ # ! * @ % & $
Note: If you are using EAP-FAST authentication and you change the username or password values, you must also generate a new PAC file. With manual PAC provisioning, you must generate a new PAC file on the Cisco ACS and copy it to the Vocera Voice Server and the Vocera configuration computer. With automatic PAC provisioning, you must restore the factory settings on the badge and reconfigure it. When the badge reconnects, it retrieves the new PAC file automatically from the ACS.
WPA-PSK Specifies that your wireless network uses the WiFi Protected Access Pre-Shared Key protocol for authentication.
Pre shared Key

If Authentication Type is set to WPA-PSK, the pre-shared field appears. The pre-shared key that the badge supplies for authentication is a 64-character, hexadecimal value.

WPA-PEAP Specifies that your wireless network uses the WiFi Protected Access Protected Extensible Authentication Protocol for authentication.
EAP-FAST Specifies that your wireless network uses Extensible Authentication Protocol-Flexible Authentication through Secure Tunneling for authentication. EAP-FAST authentication enables you to select between automatic or manual PAC provisioning.
Enable Auto-PAC Specifies the option to enable automatic download of a PAC from the Cisco ACS, and the ACS periodically refreshes the PAC to ensure it does not expire. To take advantage of automatic PAC provisioning, you must configure badges correctly by setting Auto-PAC properties. If you enable manual PAC provisioning, you must create a .pac file on the Cisco ACS and copy it to the Vocera Voice Server and the Vocera configuration computer.
Provision Auto-PAC on Expire

Specifies the option to enable automatic provisioning of a new PAC when it expires. If this property is unchecked, a badge with an expired PAC displays the following message: "Expired or invalid PAC credentials."

Note: This message appears only if a badge has been powered off or did not roam at all for a while and the master key and the retired master key on the Cisco ACS have expired. If this happens, the badge must to be reconfigured.

To take advantage of this feature, you must also select EAP-FAST authentication.

Auto-PAC Provision Retry Count

Specifies the option to limit the number of times a badge attempts to retry retrieving a PAC from the Cisco ACS after the first attempt failed. For example, the badge attempts to retry retrieving a PAC due to wireless network problems. Select a number from 0 to 5.

If a badge exceeds the retry count, it displays the following message: Too many retries for Auto-PAC provisioning.

By default, this property is set to 0 (indicates no retries). To take advantage of this feature, you must also select EAP-FAST authentication.

EAP-TLS

Specifies that your wireless network uses Extensible Authentication Protocol-Transport Layer Security for authentication.

Check the EAP-TLS field to enable the badge to use custom EAP-TLS certificates rather than Vocera Manufacturer Certificates. If you use custom EAP-TLS certificates, you must generate your self-signed certificates or obtain them from a trusted Certificate Authority (CA). If you check this box, additional configuration is required. You must install client-side certificates on the Vocera Voice Server and the configuration computer, install the server-side certificates on your authentication server, configure your authentication server for EAP-TLS.

Alternatively, uncheck this box to use the Vocera Manufacturer Certificates. Vocera badges are preconfigured with EAP-TLS client certificates that are automatically downloaded from the Vocera Voice Server or the Badge Configuration Computer. Vocera Manufacturer Certificates use 2048-bit RSA keys that provide excellent security for enterprise and conform to industry standards and NIST recommendations. If you decide to use Vocera Manufacturer Certificates on the badge, you still need to install Vocera Voice Server-side certificates on your authentication server. For more information on security certificates, refer to Vocera Device Configuration Guide.

Use Custom EAP-TLS Certificates

Specifies the option to enable the badge to use custom EAP-TLS certificates rather than Vocera Manufacturer Certificates. If you use custom EAP-TLS certificates, you must generate your self-signed certificates or obtain it from a trusted Certificate Authority (CA). If you check this box, additional configuration is required. You must install client-side certificates on the Vocera Voice Server and the configuration computer, install the server-side certificates on your authentication server, configure your authentication server for EAP-TLS, and specify the Username and Client Key Password properties.

Alternatively, uncheck this box to use the Vocera Manufacturer Certificates. Vocera badges are preconfigured with EAP-TLS client certificates that are automatically downloaded from the Vocera Voice Server or the Badge Configuration Computer. Vocera Manufacturer Certificates use 2048-bit RSA keys that provide excellent security for enterprise and conform to industry standards and NIST recommendations. If you decide to use Vocera Manufacturer Certificates on the badge, you still need to install Vocera Voice Server-side certificates on your authentication server.

This property is available only when the Authentication property is set to EAP-TLS.

Encryption Type

The encryption types available are:

  • TKIP-WPA—Specifies your network uses TKIP as defined by WPA.
  • AES-CCMP—Specifies your network uses AES-CCMP as defined by WPA2

Use hexadecimal characters to enter the key that the access point is using.

Wireless Settings
2.4 GHz Channels

Set to Defaults (1, 6, 11)

Specifies the option to force badges to scan the three non-overlapping 2.4 GHz channels of 1, 6, and 11.

Specify Channels

Specifies the option to specify up to four arbitrary channels to scan.

If the access points on your network are set either to four channels, three channels, or to fewer than three channels other than 1, 6, and 11, select Specify Channels and enter the specific channel numbers in a comma-separated list.

Ensure that you specify only channels that are supported for your locale.

Roaming Policy

The Roaming Policy property specifies how quickly a badge searches for an access point when signal quality drops. Higher values cause a badge to search sooner and may correct problems with choppy audio. However, a badge cannot send or receive audio packets while searching for an access point, as communication may be interrupted. Lower values allow a badge to tolerate lower signal quality before searching. The optimal threshold value varies from one 802.11 network to another, depending on how the network is configured. Select a value from 1 to 5. The default value is 2.

CCKM

Check CCKM box if you want to enable Cisco Certified Key Management.

CCKM is a form of fast roaming supported on Cisco access points and various routers. Using CCKM, Vocera devices can roam from one access point to another without any noticeable delay during reassociation. After the RADIUS authentication server initially authenticates a Vocera device, each access point on your network acts as a wireless domain service (WDS) and caches security credentials for CCKM-enabled client devices. When a Vocera device roams to a new access point, the WDS cache reduces the time it needs to reassociate.

To take advantage of this feature, your access points must also support CCKM, and you must use either LEAP, WPA-PEAP, EAP-FAST, or EAP-TLS authentication.

802.11d Check 802.11d box if you are in a country where systems that use other standards in the 802.11 family are not allowed to operate.
Custom Settings
B3.BroadcastUsesIGMP Vocera broadcast is implemented as IP Multicast. If broadcast commands must cross a subnet, IGMP must be supported in the switch or router. Set this property to TRUE.
B3.ClosedMenus

Specifies whether the badge configuration menus are hidden, or if they can be easily accessed through the DND button:

  • FALSE specifies that you can access the configuration menus by pressing the DND button within three seconds displaying the boot countdown timer.

  • TRUE specifies that you must use the special sequence of button presses to display the configuration menus. This value prevents displaying configuration menus and inadvertently causes configuration problems in a badge.

DefaultHandsetVolume Lists the default volume level of Privacy Mode when no users are logged in.
DisplayHandsetMode Displays Privacy Mode on the badge menu under Settings.
B2.EnableAPSD

Specifies whether the badge takes advantage of the Unscheduled Automatic Power Save Delivery Subset (U-APSD) of 802.11e. U-APSD improves power management and potentially increases the talk time of 802.11 clients.

  • FALSE specifies that U-APSD is disabled.

  • TRUE specifies that U-APSD is enabled.

To take advantage of this standard, your access points must support it.

Important: Both the B3.EnableAPSD and B3.EnableWMM properties must be set to the same value.

B3.EnableWMM

Specifies whether the badge takes advantage of the WiFi Multimedia (WMM) subset of 802.11e. The 802.11e QoS provides standards-based QoS to prioritize voice over data traffic and ensure high-level voice quality.

  • FALSE specifies that 802.11e QoS is disabled.

  • TRUE specifies that 802.11e QoS is enabled.

To take advantage of this standard, your access points must support it, switches and routers must be configured to honor DSCP markings, and the Vocera QoS Manager service must be enabled on the Vocera Voice Server.

Important: Both the B3.EnableAPSD and B3.EnableWMM properties must be set to the same value.

EnableHandsetQuickEntry Enables Easy Access entry to Privacy mode.
HandsetMode Enables or disables Privacy mode using Easy Access.
HandsetQuickEntryPromptPlay Plays an audible alert, “Entering Handset Mode” while switching to Privacy Mode using Easy Access.
B3.InstallDone

Specifies whether the Badge Properties Editor has performed the initial configuration for a badge:

  • TRUE specifies that the badge boots the normal Vocera application when it powers up.

  • FALSE specifies that the badge attempts to connect to a machine at IP address 10.0.0.1 running the Vocera Voice Server when it powers up. If successful, the badge downloads properties and firmware from the Vocera Voice Server.

B3.ListenInterval

An access point broadcasts a management frame called a beacon at a fixed interval (required to be set to 100 ms by Vocera). The B3.ListenInterval property specifies the frequency with which badges "wake up" and listen for a beacon. When the beacon interval is 100 ms and B3.ListenInterval is 5, the default listen interval is 500 ms.

B3.ResetVolumeToDefault

Specifies whether the badge resets the volume to the default at boot-up.

  • FALSE specifies that the badge maintains the previous volume setting at boot-up.

  • TRUE specifies that the badge resets the volume to the default at boot-up.

B3.SubnetMask

Specifies a subnet mask that indicates the bits in the IP address that correspond to the subnet, using standard dotted notation. For example: 255.255.255.0. You must specify this property if you are using static IP addresses. Leave this field blank if a DHCP server is assigning IP addresses.

B3.SubnetRoaming

Specifies whether users can roam across subnet boundaries while using badges.

If subnet roaming is enabled, a badge automatically obtains a new IP address as a badge user makes the transition to an access point on a different subnet. If you enable subnet roaming, you must use a DHCP server to supply your IP addresses.

TRUE specifies that the access points on your wireless LAN are divided into multiple subnets, and if you want to allow users to roam across subnet boundaries.

FALSE specifies that all the access points on your wireless LAN are within a single subnet. Set this property to minimize DHCP traffic and reduce the chance of a momentary loss of audio when roaming between access points.

The subnet where the Vocera Voice Server is located is not relevant to this property.