Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges
0L-24115-01
Chapter 2 Cisco IOS Commands for Access Points and Bridges
eapfast server-key
Use the eapfast server-key command to configure EAP-FAST server keys. The local authenticator uses
server keys to encrypt Protected Access Credential (PAC) files that it generates and to decrypt PACs
when it is authenticating clients. The server maintains two keys, a primary key and a secondary key, and
uses the primary key to encrypt PACs. Periodically, the local authenticator switches keys, making the
primary key the secondary and using the secondary key as the primary. If you do not configure server
keys, the local authenticator generates keys automatically.
When the local authenticator receives a client PAC, it attempts to decrypt the PAC with the primary key.
If decryption fails with the primary key, the authenticator attempts to decrypt the PAC with the secondary
key. If decryption fails with the secondary key, the authenticator rejects the PAC as invalid.
[no] eapfast server-key {primary {auto-generate | [0 | 7] key} | secondary [0 | 7] key}
Syntax Description
primary {auto-generate | [0 | 7] key}
    Specifies a primary EAP-FAST server key. Use the auto-generate
    option to configure the local authenticator to generate a primary server
    key automatically. To configure a specific key, enter the key preceded
    by 0 or 7. Keys can contain up to 32 hexadecimal digits. Enter 0 before
    the key to enter an unencrypted key. Enter 7 before the key to enter an
    encrypted key.
secondary [0 | 7] key
    Specifies a secondary EAP-FAST server key. Enter the key preceded by
    0 or 7. Keys can contain up to 32 hexadecimal digits. Enter 0 before the
    key to enter an unencrypted key. Enter 7 before the key to enter an
    encrypted key.
Defaults By default, the local authenticator generates server keys automatically.
Command Modes Configuration mode for local authenticators
Command History
Release      Modification
12.3(2)JA    This command was introduced.
Examples This example shows how to configure a primary server key for the local authenticator access point:
AP(config-radsrv)#eapfast server-key primary 0 2468
This example shows how to configure a secondary server key:
AP(config-radsrv)#eapfast server-key secondary 0 9753
Related Commands
Command                             Description
radius local-server pac-generate    Generates a PAC file for an EAP-FAST client
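As an added example (not part of the Cisco documentation), this Python script audits saved configuration text for eapfast server-key lines that follow the syntax above. It flags keys that appear unencrypted or that use fewer than the 32 hexadecimal digits the command allows, such as the 4-digit keys in the examples. The function names and sample text are constructed for illustration, and treating a key with no 0 or 7 prefix as unencrypted is an assumption.

```python
import re

# Syntax as documented on this page:
# [no] eapfast server-key {primary {auto-generate | [0 | 7] key} | secondary [0 | 7] key}
LINE_RE = re.compile(
    r"^\s*(?P<no>no\s+)?eapfast\s+server-key\s+(?P<slot>primary|secondary)"
    r"(?:\s+(?P<auto>auto-generate)|(?:\s+(?P<type>[07]))?\s+(?P<key>\S+))?\s*$"
)
MAX_HEX_DIGITS = 32  # "Keys can contain up to 32 hexadecimal digits"

def audit_line(line):
    """Return findings for one config line; [] if it is clean or not this command."""
    m = LINE_RE.match(line)
    if not m or m["no"]:
        return []
    slot, key = m["slot"], m["key"]
    if m["auto"]:
        # The documented syntax offers auto-generate for the primary key only.
        return [] if slot == "primary" else [f"{slot}: auto-generate not in documented syntax"]
    if key is None:
        return [f"{slot}: no key given"]
    if m["type"] == "7":
        return []  # encrypted form: the underlying key length is not visible here
    # Assumption: a key with no 0/7 prefix is treated like type 0 (unencrypted).
    findings = [f"{slot}: unencrypted key present in audited text"]
    if not re.fullmatch(r"[0-9A-Fa-f]+", key):
        findings.append(f"{slot}: key is not hexadecimal")
    elif len(key) > MAX_HEX_DIGITS:
        findings.append(f"{slot}: key exceeds {MAX_HEX_DIGITS} hex digits")
    elif len(key) < MAX_HEX_DIGITS:
        findings.append(f"{slot}: only {len(key)} hex digits ({4 * len(key)} bits) of {MAX_HEX_DIGITS}")
    return findings

def audit_config(text):
    """Return [(line_number, finding), ...] for every eapfast server-key line."""
    return [(n, f) for n, line in enumerate(text.splitlines(), 1) for f in audit_line(line)]

# Constructed sample: the first two lines reuse the keys from this page's examples.
SAMPLE = """\
eapfast server-key primary 0 2468
eapfast server-key secondary 0 9753
eapfast server-key primary auto-generate
eapfast server-key secondary 0 0123456789ABCDEF0123456789ABCDEF
no eapfast server-key secondary
"""

if __name__ == "__main__":
    for lineno, finding in audit_config(SAMPLE):
        print(f"line {lineno}: {finding}")
```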