User's Manual

ManualsBrandsCisco Systems ManualsWelding SystemCisco Systems IOS Software 0L-11350-01

4-20

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

OL-11350-01

Chapter 4 Configuring the Access Point for the First Time

Configuring Basic Security Settings

EAP Authentication This option enables 802.1X

authentication (such as LEAP, PEAP,

EAP-TLS, EAP-FAST, EAP-TTLS,

EAP-GTC, EAP-SIM, and other

802.1X/EAP based products)

This setting uses mandatory

encryption, WEP, open

authentication + EAP, network EAP

authentication, no key management,

RADIUS server authentication port

1645.

You are required to enter the IP

address and shared secret for an

authentication server on your network

(server authentication port 1645).

Because 802.1X authentication

provides dynamic encryption keys,

you do not need to enter a WEP key.

Mandatory 802.1X authentication.

Client devices that associate using

this SSID must perform 802.1X

authentication.

If radio clients are configured to

authenticate using EAP-FAST, open

authentication with EAP should also

be configured. If you don’t configure

open authentication with EAP, the

following GUI warning message

appears:

WA RN ING:

Network EAP is used for LEAP

authentication only. If radio clients

are configured to authenticate using

EAP-FAST, Open Authentication

with EAP should also be configured.

If you are using the CLI, this warning

message appears:

SSID CONFIG WARNING: [SSID]:

If radio clients are using EAP-FAST,

AUTH OPEN with EAP should also

be configured.

WPA Wi-Fi Protected Access (WPA)

permits wireless access to users

authenticated against a database

through the services of an

authentication server, then encrypts

their IP traffic with stronger

algorithms than those used in WEP.

This setting uses encryption ciphers,

TKIP, open authentication + EAP,

network EAP authentication, key

management WPA mandatory, and

RADIUS server authentication port

1645.

As with EAP authentication, you

must enter the IP address and shared

secret for an authentication server on

your network (server authentication

port 1645).

Mandatory WPA authentication.

Client devices that associate using

this SSID must be WPA-capable.

If radio clients are configured to

authenticate using EAP-FAST, open

authentication with EAP should also

be configured. If you don’t configure

open authentication with EAP, the

following GUI warning message

appears:

WA RN ING:

Network EAP is used for LEAP

authentication only. If radio clients

are configured to authenticate using

EAP-FAST, Open Authentication

with EAP should also be configured.

If you are using the CLI, this warning

message appears:

SSID CONFIG WARNING: [SSID]:

If radio clients are using EAP-FAST,

AUTH OPEN with EAP should also

be configured.

Table 4-2 Security Types on Express Security Setup Page (continued)

Security Type Description Security Features Enabled