Manual

4-13

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

OL-30644-01

Chapter 4 Configuring the Access Point for the First Time

Assigning Basic Settings

Express Security page encryption settings and authentication types are linked. Without VLANs,

encryption settings (WEP and ciphers) apply to an interface, such as the 2.4-GHz radio, and you cannot

use more than one encryption setting on an interface. For example, when you create an SSID with static

WEP with VLANs disabled, you cannot create additional SSIDs with WPA authentication because they

use different encryption settings. If you find that the security setting for an SSID conflicts with another

SSID, you can delete one or more SSIDs to eliminate the conflict.

Security Types for an SSID

Table 4-2 describes the four security types that you can assign to an SSID.

Ta b l e 4-2 Security Types on Express Security Setup Page

Security Type Description Security Features Enabled

No Security This is the least secure option. You

should use this option only for SSIDs

used in a public space and assign it to

a VLAN that restricts access to your

network.

None.

Static WEP Key This option is more secure than no

security. However, static WEP keys

are vulnerable to attack. If you

configure this setting, you should

consider limiting association to the

wireless device based on MAC

address (see the Using MAC Address

ACLs to Block or Allow Client

Association to the Access Point,

page 16-6 or, if your network does not

have a RADIUS server, consider

using an access point as a local

authentication server (see Chapter 9,

“Configuring an Access Point as a

Local Authenticator”).

Mandatory WEP. Client devices

cannot associate using this SSID

without a WEP key that matches the

wireless device key.