User guide
Cisco WLAN Controller Web Interface User Guide
OL-7416-04
Chapter 3 WLANs Menu Bar Selection
WLANs
Table 3-3 Layer 2 Security Policies (continued)

Parameter             Description
Cranite               Configure the WLAN to use the FIPS 140-2 compliant Cranite
                      WirelessWall Software Suite, which uses AES encryption and
                      VPN tunnels to encrypt and verify all data frames carried
                      by the Cisco WLAN Solution (Note 3).
Fortress              FIPS 140-2 compliant Layer 2 security feature.
MAC Filtering         Select to filter clients by MAC address. Locally configure
                      clients by MAC address in the MAC Filters > New page.
                      Otherwise, configure the clients on a RADIUS server.
Static WEP + 802.1x   Use this setting to enable both Static WEP and 802.1x
                      parameters. If this option is selected, static WEP and
                      802.1x parameters are displayed at the bottom of the page.

Note: The Third-Party AP WLAN (17) can only be configured with 802.1X encryption. Drop-down
configurable 802.1X parameters are not available for this WLAN.

Note: One unique WEP Key Index can be applied to each WLAN. As there are only four WEP Key
Indexes, only four WLANs can be configured for Static WEP Layer 2 encryption.

Note: When Cranite is selected as the Layer 2 security policy, no Layer 3 security policies are allowed.

• Layer 3 security is available via IPSec, VPN Pass Through, or L2TP. Check software availability
and client hardware compatibility before implementing IPSec. Layer 3 IPSec parameters are
described in the following table.
Table 3-4 Layer 3 IPSec and L2TP Parameters

Parameter (Note 1)         Range
IPSec Authentication       HMAC MD5; HMAC SHA1.
IPSec Encryption           DES; Triple DES; AES CBC.
IKE Authentication         Certificates, Pre Shared Key, or XAuth Pre Shared Key
                           (Notes 2, 3).
IKE Phase 1                Aggressive or Main. When you select L2TP, only Main is
                           allowed.
Lifetime                   Timeout in seconds. Default = 28800 seconds.
IKE Diffie-Hellman Group   Group 1, 2 or 5.
Contivity Mode             Enabled or Disabled. Enable to allow the WLAN to use a
                           Contivity IP Services Gateway for additional Cisco WLAN
                           Solution security.
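
The constraints stated in the notes and in Table 3-4 can be checked against a planned set of WLANs before they are entered in the web interface. The following Python is an added example, not Cisco code or controller syntax; the dictionary field names, the numbering of the four WEP key indexes as 1 to 4, and the sample WLANs are assumptions constructed for illustration.

```python
# Added example: field names and layout are assumptions, not controller syntax.
IPSEC_RANGES = {  # allowed values as listed in Table 3-4
    "ipsec_auth": {"HMAC MD5", "HMAC SHA1"},
    "ipsec_enc": {"DES", "Triple DES", "AES CBC"},
    "ike_auth": {"Certificates", "Pre Shared Key", "XAuth Pre Shared Key"},
    "ike_phase1": {"Aggressive", "Main"},
    "dh_group": {1, 2, 5},
}
THIRD_PARTY_AP_WLAN = 17  # WLAN ID given in the guide's note
SAMPLE_WLANS = [  # constructed sample input
    {"id": 1, "l2": "Cranite", "l3": "IPSec", "ipsec": {"ike_phase1": "Main"}},
    {"id": 2, "l2": "Static WEP", "wep_key_index": 1},
    {"id": 3, "l2": "Static WEP + 802.1x", "wep_key_index": 1},
    {"id": 4, "l3": "L2TP", "ipsec": {"ike_phase1": "Aggressive", "dh_group": 14}},
    {"id": 17, "l2": "Static WEP", "wep_key_index": 2},
]


def validate_wlans(wlans):
    """Return (wlan_id, message) for every constraint from the guide that is violated."""
    findings = []
    wep_owner = {}  # WEP key index -> first WLAN ID that claimed it
    for w in wlans:
        wid, l2, l3 = w["id"], w.get("l2"), w.get("l3")
        if l2 == "Cranite" and l3:
            findings.append((wid, "Cranite Layer 2 policy allows no Layer 3 policy"))
        if wid == THIRD_PARTY_AP_WLAN and l2 not in (None, "802.1X"):
            findings.append((wid, "Third-Party AP WLAN supports 802.1X only"))
        if l2 in ("Static WEP", "Static WEP + 802.1x"):
            idx = w.get("wep_key_index")
            if idx not in (1, 2, 3, 4):  # assumed numbering of the four indexes
                findings.append((wid, "WEP key index must be one of the four indexes"))
            elif idx in wep_owner:
                findings.append((wid, f"WEP key index {idx} already used by WLAN {wep_owner[idx]}"))
            else:
                wep_owner[idx] = wid
        if l3 in ("IPSec", "L2TP"):
            params = w.get("ipsec", {})
            for field, allowed in IPSEC_RANGES.items():
                if field in params and params[field] not in allowed:
                    findings.append((wid, f"{field}={params[field]!r} is outside the Table 3-4 range"))
            if l3 == "L2TP" and params.get("ike_phase1") != "Main":
                findings.append((wid, "L2TP allows only Main for IKE Phase 1"))
    return findings


if __name__ == "__main__":
    for wlan_id, message in validate_wlans(SAMPLE_WLANS):
        print(f"WLAN {wlan_id}: {message}")
```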