Manualshelf

Specifications

ManualsBrandsCisco ManualsComputer equipmentAironet 700 Series
151152153154155156157158159160
10-2
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-5260-01
Chapter 10 Configuring Authentication Types
Understanding Authentication Types
Understanding Authentication Types
This section describes the authentication types that you can configure on the access point. The
authentication types are tied to the SSIDs that you configure for the access point. If you want to serve
different types of client devices with the same access point, you can configure multiple SSIDs. See
Chapter 7, Configuring Multiple SSIDs, for complete instructions on configuring multiple SSIDs.
Before a wireless client device can communicate on your network through the access point, it must
authenticate to the access point using open or shared-key authentication. For maximum security, client
devices should also authenticate to your network using MAC-address or EAP authentication,
authentication types that rely on an authentication server on your network.
Note By default, the access point sends reauthentication requests to the authentication server with the
service-type attribute set to authenticate-only. However, some Microsoft IAS servers do not support the
authenticate-only service-type attribute. Changing the service-type attribute to login-only ensures that
Microsoft IAS servers recognize reauthentication requests from the access point. Use the dot11 aaa
authentication attributes service-type login-only global configuration command to set the
service-type attribute in reauthentication requests to login-only.
The access point uses several authentication mechanisms or types and can use more than one at the same
time. These sections explain each authentication type:
Open Authentication to the Access Point, page 10-2
Shared Key Authentication to the Access Point, page 10-3
EAP Authentication to the Network, page 10-3
MAC Address Authentication to the Network, page 10-5
Combining MAC-Based, EAP, and Open Authentication, page 10-6
Using CCKM for Authenticated Clients, page 10-6
Using WPA Key Management, page 10-7
Open Authentication to the Access Point
Open authentication allows any device to authenticate and then attempt to communicate with the access
point. Using open authentication, any wireless device can authenticate with the access point, but the
device can communicate only if its WEP keys match the access points. Devices not using WEP do not
attempt to authenticate with an access point that is using WEP. Open authentication does not rely on a
RADIUS server on your network.
Figure 10-1 shows the authentication sequence between a device trying to authenticate and an access
point using open authentication. In this example, the devices WEP key does not match the access points
key, so it can authenticate but not pass data.