Enable WPA2 policy with AES encryption then either FT 802.1x or FT PSK for authenticated key management type depending
on whether 802.1x or PSK is to be utilized.
802.1x, CCKM and/or PSK may also be enabled if wanting to utilize the same SSID for various type of voice clients, where
some clients do not support 802.11r (FT) depending on whether 802.1x or PSK is being utilized.
To utilize CCKM for fast secure roaming, enable WPA2 policy with AES encryption and 802.1x + CCKM for authenticated
key management type.
Cisco IP Phone 8800 Series Wireless LAN Deployment Guide
53