Security Support

Vocera supports industry standard security systems as well as popular proprietary security methods such as EAP-TLS and WPA-PEAP.

The following table summarizes the security support in Vocera.

Authentication Encryption C1000 Support V5000 Support B3000n Support

Open

None

WEP64

WEP128

Note: Vocera recommends that you do not choose encryption TKIP and AES in the same WLAN.

Yes

No

No

Yes

No

No

Yes

Yes

Yes

WPA-PEAP

WPA-PSK

EAP-FAST

EAP-TLS

TKIP-WPA

TKIP-WPA

TKIP-WPA

TKIP-WPA

No

No

No

No

No

No

No

No

Yes

Yes

Yes

Yes

WPA-PEAP

WPA-PSK

EAP-FAST

EAP-TLS

AES-CCMP

AES-CCMP

AES-CCMP

AES-CCMP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Note: In order to support 802.11n data rates, you must configure the B3000n to use AES-CCMP. For additional information, refer to Vocera Device Configuration Guide.

The WPA-PEAP, EAP-FAST, and EAP-TLS protocols typically require each user in a network environment to be authenticated with a unique set of credentials. However, each badge in a profile must have the same security properties so that the Vocera Voice Server can automatically update all badges when necessary. Consequently, Vocera supports device authentication for WPA-PEAP, EAP-FAST, and EAP-TLS, not user authentication.

Vocera recommends that all badges use the same set of credentials for network authentication. However, device authentication also support unique certificates for each badge when EAP-TLS is used.

The WiFi Alliance (WFA) has deprecated support for WEP, and newer versions of wireless controllers may not have configuration options for TKIP. Even though the B3000n and B3000 badges support WEP or TKIP, Vocera recommends not using them.

The following table displays details of the models, manufacturers, and the supported authentication tests conducted by Vocera.

Model Manufacturer Supported Authentication
Access Control Server (ACS) Cisco EAP-TLS, EAP-FAST, WPA-PEAP
Internet Authentication Service (IAS) Microsoft EAP-TLS, WPA-PEAP (badge only)
Steel-Belted Radius Juniper Networks PEAP
Identity Service Engine (ISE) Cisco EAP-TLS, EAP-FAST, WPA-PEAP
HostAPD Opensource EAP-TLS, EAP-FAST, WPA-PEAP