user manual

ManualsBrandsCisco Systems ManualsNetwork RouterNetwork Router DL-2159-05

171

172

173

174

175

176

177

178

179

180

8-17

Cisco Aironet 1200 Series Access Point Software Configuration Guide

OL-2159-05

Chapter 8 Security Setup

Setting Up EAP Authentication

Step 6 Enter the shared secret used by your RADIUS server in the Shared Secret entry field. The shared secret

on the access point must match the shared secret on the RADIUS server. The shared secret can contain

up to 64 alphanumeric characters.

Step 7 Enter the number of seconds the the access point should wait before authentication fails in the Retran

Int (sec) field.

Step 8 Enter the number of times the access point should attempt to contact the primary server before giving up

in the Max Retran field.

Step 9 Select EAP Authentication under the server. The EAP Authentication check box designates the server

as an authenticator for any EAP type, including LEAP, PEAP, EAP-TLS, EAP-SIM, and EAP-MD5.

Step 10 Click OK. You return automatically to the Security Setup page.

Step 11 On the Security Setup page, click Radio Data Encryption (WEP) to browse to the AP Radio Data

Encryption page (Figure 8-6).

Step 12 Select Network-EAP for the Authentication Type setting to allow EAP-enabled client devices to

authenticate through the access point.

a. For LEAP authentication only, select Network-EAP and deselect the Open and Shared check boxes.

b. To allow LEAP and Static WEP authentication, select Network-EP and the Open and Shared check

boxes.

c. For other authentication types (EAP-TLS, MD5) select Require EAP and the Open and Shared

check box, as appropriate.

Note When you select Require EAP, you block client devices that are not using EAP from

authenticating through this access point radio.

Table 8-4 lists the access point settings that provide authentication for various client devices.

Step 13 Check that a WEP key has been entered in key slot 1. If a WEP key has been set up in slot 1, skip to

Step 17. If no WEP key has been set up, proceed to Step 14.

Note You can use EAP without enabling WEP, but packets sent between the access point and the client

device will not be encrypted. To maintain secure communications, use WEP at all times.

Table 8-4 Access Point EAP Settings for Various Client Configurations

Access Point Configuration Client Devices Allowed to Authenticate

Network-EAP authentication

• Client devices with LEAP enabled

• Repeater access points with LEAP

enabled

Open authentication with

Require EAP check box

selected

• Client devices with EAP enabled

• Cisco Aironet devices with EAP-TLS or

EAP-MD5 enabled through Windows XP

Note Selecting Require EAP on the access

point blocks non-EAP client devices

from using the access point.