Network Router User Manual

5/26/05 Local MAC Filter
OL-7426-03
IKE Phase 1 Aggressive and Main Modes
IPSec IKE uses the Phase 1 Aggressive (faster) or Main (more secure) mode to set up encryption
between clients and the Cisco Wireless LAN Controller.
Use the show wlan command to see if the Cisco Wireless LAN Controller has IPSec IKE
Aggressive mode enabled.
If necessary, use the following command to configure the IKE Aggressive or Main mode on a
WLAN with IPSec enabled:
>config wlan security ipsec ike phase1 [aggressive/main] <WLAN id>
where <WLAN id> = 1 through 16.
Use the show wlan command to verify that you have IPSec IKE Aggressive or Main mode
enabled.
IKE Lifetime Timeout
IPSec IKE uses its timeout to limit the time that an IKE key is active.
Use the show wlan command to see the current IPSec IKE lifetime timeout.
Use the following command to configure the IKE lifetime on a WLAN with IPSec enabled:
>config wlan security ipsec ike lifetime <WLAN id> <seconds>
where <WLAN id> = 1 through 16, and <seconds> = 1800 through 345600 seconds (default =
28800 seconds).
Use the show wlan command to verify that you have IPSec IKE timeout properly set.
IPSec Passthrough
IPSec IKE uses IPSec Passthrough to allow IPSec-capable clients to communicate directly with other
IPSec equipment. IPSec Passthrough is also known as VPN Passthrough.
Use the show wlan command to see the current IPSec passthrough status.
Use the following command to configure IKE passthrough for a WLAN:
>config wlan security passthru [enable/disable] <WLAN id> [gateway]
where <WLAN id> = 1 through 16, and [gateway] = IP Address of IPSec (VPN) passthrough
gateway.
Use the show wlan command to verify that you have IPSec passthrough properly set.
Web Based Authentication
WLANs can use Web Authentication if IPSec is not enabled on the Cisco Wireless LAN Controller. Web
Authentication is simple to set up and use, and can be used with SSL to improve the overall security of
the wireless LAN.
Use the show wlan command to see the current Web Authentication status.
Use the following command to configure Web Authentication for a WLAN:
>config wlan security web [enable/disable] <WLAN id>
where <WLAN id> = 1 through 16.
Use the show wlan command to verify that you have Web Authentication properly set.
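
The following is an added example, not part of the Cisco manual: a small Python helper that renders the IKE phase 1, IKE lifetime and Web Authentication commands above from a per-WLAN plan and rejects values outside the documented ranges before anything is typed into the controller. The function names, the plan layout and the per-WLAN treatment of the "Web Authentication if IPSec is not enabled" rule are assumptions of this example.

```python
# Added example: build controller CLI lines from a reviewed plan and refuse
# values outside the ranges stated in this manual section.
WLAN_IDS = range(1, 17)          # <WLAN id> = 1 through 16
LIFETIMES = range(1800, 345601)  # <seconds> = 1800 through 345600 (default 28800)
IKE_MODES = ("main", "aggressive")


def render_wlan(wlan_id, ike_mode=None, lifetime=None, web_auth=None):
    """Return the config lines for one WLAN; raise ValueError on a bad plan.

    A setting left as None is not touched. web_auth is True or False.
    """
    if type(wlan_id) is not int or wlan_id not in WLAN_IDS:
        raise ValueError(f"WLAN id {wlan_id!r} is not in 1..16")
    uses_ike = ike_mode is not None or lifetime is not None
    # Assumption of this example: the manual's rule that Web Authentication
    # is available only without IPSec is enforced per WLAN in the plan.
    if web_auth and uses_ike:
        raise ValueError(f"WLAN {wlan_id}: web auth requested with IPSec IKE settings")
    lines = []
    if ike_mode is not None:
        if ike_mode not in IKE_MODES:
            raise ValueError(f"WLAN {wlan_id}: unknown IKE mode {ike_mode!r}")
        lines.append(f"config wlan security ipsec ike phase1 {ike_mode} {wlan_id}")
    if lifetime is not None:
        if type(lifetime) is not int or lifetime not in LIFETIMES:
            raise ValueError(f"WLAN {wlan_id}: lifetime {lifetime!r} not in 1800..345600")
        lines.append(f"config wlan security ipsec ike lifetime {wlan_id} {lifetime}")
    if web_auth is not None:
        state = "enable" if web_auth else "disable"
        lines.append(f"config wlan security web {state} {wlan_id}")
    return lines


def render_plan(plan):
    """plan maps WLAN id -> settings dict. Every entry is validated before
    any line is returned, so one bad entry blocks the whole batch."""
    out = []
    for wlan_id in sorted(plan):
        out.extend(render_wlan(wlan_id, **plan[wlan_id]))
    return out


if __name__ == "__main__":
    # Constructed plan: WLAN 1 uses Main mode with the default lifetime,
    # WLAN 2 uses Web Authentication and no IPSec settings.
    sample = {1: {"ike_mode": "main", "lifetime": 28800}, 2: {"web_auth": True}}
    print("\n".join(render_plan(sample)))
```

After applying the rendered lines, run show wlan as the manual directs to confirm each setting took effect.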