Vocera supports industry standard security systems as well as popular proprietary security methods such as EAP-TLS and WPA-PEAP.
The following table summarizes the security support in Vocera.
| Authentication | Encryption | B3000n Support | B3000 Support |
|---|---|---|---|
|
Open |
None WEP64 WEP128 Note: Vocera recommends that you do not choose encryption TKIP and AES in the
same WLAN.
|
|
|
|
WPA-PEAP WPA-PSK EAP-FAST EAP-TLS |
TKIP-WPA TKIP-WPA TKIP-WPA TKIP-WPA |
|
|
|
WPA-PEAP WPA-PSK EAP-FAST EAP-TLS |
AES-CCMP AES-CCMP AES-CCMP AES-CCMP |
|
|
|
LEAP |
WEP64 WEP128 TKIP-WPA AES-CCMP |
|
|
The LEAP, WPA-PEAP, EAP-FAST, and EAP-TLS protocols typically require each user in a network environment to be authenticated with a unique set of credentials. However, each badge in a profile must have the same security properties so that the Vocera Voice Server can automatically update all badges when necessary. Consequently, Vocera supports device authentication for WPA-PEAP, LEAP, EAP-FAST, and EAP-TLS, not user authentication.
Vocera recommends that all badges use the same set of credentials for network authentication. However, device authentication also support unique certificates for each badge when EAP-TLS is used.
The WiFi Alliance (WFA) has deprecated support for WEP, and newer versions of wireless controllers may not have configuration options for TKIP. Even though the B3000n and B3000 badges support WEP or TKIP, Vocera recommends not using them.
The following table displays details of the models, manufacturers, and the supported authentication tests conducted by Vocera.
| Model | Manufacturer | Supported Authentication |
|---|---|---|
|
Access Control Server (ACS) |
Cisco |
EAP-TLS, EAP-FAST, LEAP, WPA-PEAP, and mixed LEAP/WPA-PEAP client environments |
|
Internet Authentication Service (IAS) |
Microsoft |
EAP-TLS, WPA-PEAP (badge only) |
|
Steel-Belted Radius |
Juniper Networks |
PEAP |
|
Identity Service Engine (ISE) |
Cisco |
EAP-TLS, EAP-FAST, WPA-PEAP |
