User's Manual
11-20
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-11350-01
Chapter 11 Configuring Authentication Types
 Matching Access Point and Client Device Authentication Types
Table 11-2 Client and Access Point Security Settings (continued)

| Security Feature | Client Setting | Access Point Setting |
| --- | --- | --- |
| LEAP authentication | Enable LEAP | Set up and enable WEP and enable Network-EAP for the SSID¹ |
| EAP-FAST authentication | Enable EAP-FAST and enable automatic provisioning or import a PAC file | Set up and enable WEP and enable Network-EAP for the SSID.¹ If radio clients are configured to authenticate using EAP-FAST, open authentication with EAP should also be configured. If you don’t configure open authentication with EAP, the following GUI warning message appears: WARNING: Network EAP is used for LEAP authentication only. If radio clients are configured to authenticate using EAP-FAST, Open Authentication with EAP should also be configured. If you are using the CLI, this warning message appears: SSID CONFIG WARNING: [SSID]: If radio clients are using EAP-FAST, AUTH OPEN with EAP should also be configured. |
| EAP-FAST authentication with WPA | Enable EAP-FAST and Wi-Fi Protected Access (WPA) and enable automatic provisioning or import a PAC file. To allow the client to associate to both WPA and non-WPA access points, enable Allow Association to both WPA and non-WPA authenticators. | Select a cipher suite that includes TKIP, set up and enable WEP, and enable Network-EAP and WPA for the SSID. Note: To allow both WPA and non-WPA clients to use the SSID, enable optional WPA. |
| 802.1X authentication and CCKM | Enable LEAP | Select a cipher suite and enable Network-EAP and CCKM for the SSID. Note: To allow both 802.1X clients and non-802.1X clients to use the SSID, enable optional CCKM. |
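
A configuration check for the EAP-FAST row of Table 11-2, as an added example that is not from the Cisco guide: it scans an access point running-config for SSIDs that enable Network-EAP without open authentication with EAP, the condition the CLI warning reports. The `dot11 ssid` and `authentication ...` command forms are Aironet IOS syntax that does not appear on this page, and the SSID names and the method-list name `eap_methods` are constructed.

```python
import re

# Constructed sample running-config (not from the Cisco guide). SSID names and
# the method-list name "eap_methods" are made up for illustration.
SAMPLE_CONFIG = """\
dot11 ssid LEAP-ONLY
   authentication network-eap eap_methods
!
dot11 ssid FAST-OK
   authentication open eap eap_methods
   authentication network-eap eap_methods
   authentication key-management wpa optional
!
dot11 ssid GUEST
   authentication open
!
interface Dot11Radio0
 encryption mode ciphers tkip
 ssid FAST-OK
"""

def parse_ssids(config):
    """Map each 'dot11 ssid <name>' block to its indented authentication lines."""
    ssids, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^dot11 ssid (\S+)\s*$", line)
        if m:
            current = ssids.setdefault(m.group(1), [])
        elif line[:1].isspace() and current is not None:
            if line.strip().startswith("authentication "):
                current.append(line.split())
        else:
            current = None  # "!" or any other top-level command ends the block
    return ssids

def ssids_missing_open_eap(config):
    """Return SSIDs that have Network-EAP but no open authentication with EAP."""
    flagged = []
    for name, auth in parse_ssids(config).items():
        has_network_eap = any(t[1] == "network-eap" for t in auth)
        # "eap" may follow other options, e.g. a MAC address list, on the open line
        has_open_eap = any(t[1] == "open" and "eap" in t[2:] for t in auth)
        if has_network_eap and not has_open_eap:
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    for name in ssids_missing_open_eap(SAMPLE_CONFIG):
        print(f"{name}: Network-EAP only; EAP-FAST clients also need open authentication with EAP")
```

An SSID flagged here is correct for a LEAP-only deployment; it needs attention only when EAP-FAST clients are expected to use it.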










