Specifications

ManualsBrandsCisco ManualsComputer equipmentAironet 1200 Series

131

132

133

134

135

136

137

138

139

140

10-8

Cisco Aironet 1200 Series Access Point Installation and Configuration Guide

OL-3446-01

Chapter 10 Configuring Authentication Types

Configuring Authentication Types

Use the no form of the SSID commands to disable the SSID or to disable SSID features.

This example sets the authentication type for the SSID batman to open with a combination of

MAC-address and EAP authentication. Client devices using the batman SSID first attempt MAC-address

authentication using a server named adam. If MAC authentication succeeds, they join the network, but

if it fails, they attempt EAP authentication using the same server.

ap1200# configure terminal

ap1200(config)# configure interface dot11radio 0

ap1200(config-if)# ssid batman

ap1200(config-ssid)# authentication open mac adam alternate eap adam

ap1200(config-ssid)# end

Configuring Authentication Holdoffs, Timeouts, and Intervals

Beginning in privileged EXEC mode, follow these steps to configure holdoff times, reauthentication

periods, and authentication timeouts for client devices authenticating through your access point:

Step 6

authentication network-eap

list-name

[mac-address list-name]

(Optional) Set the authentication type for the SSID to

Network-EAP. Using the Extensible Authentication Protocol

(EAP) to interact with an EAP-compatible RADIUS server, the

access point helps a wireless client device and the RADIUS

server to perform mutual authentication and derive a dynamic

unicast WEP key. However, the access point does not force all

client devices to perform EAP authentication.

• (Optional) Set the SSID’s authentication type to

Network-EAP with MAC address authentication. All client

devices that associate to the access point are required to

perform MAC-address authentication. For list-name,

specify the authentication method list.

Step 7

end Return to privileged EXEC mode.

Step 8

copy running-config startup-config (Optional) Save your entries in the configuration file.

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

dot11 holdoff-time seconds Enter the number of seconds a client device must wait before it

can reattempt to authenticate following a failed authentication.

Enter a value from 1 to 65555 seconds.

Step 3

interface dot11radio { 0 | 1 } Enter interface configuration mode for the radio interface. The

2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1.

Step 4

dot1x client-timeout seconds Enter the number of seconds the access point should wait for a

reply from a client attempting to authenticate before the

authentication fails. Enter a value from 1 to 65555 seconds.