User's Manual
Table Of Contents
- Chapter 1: Introduction 1-1
- Chapter 1: Introduction
- Chapter 2: Hardware Installation
- Chapter 3: External Antennas
- Chapter 4: Network Configuration
- Chapter 5: Initial Configuration
- Chapter 6: System Configuration
- Chapter 7: Command Line Interface
- Using the Command Line Interface
- Entering Commands
- Command Groups
- General Commands
- System Management Commands
- System Logging Commands
- System Clock Commands
- DHCP Relay Commands
- SNMP Commands
- snmp-server community
- snmp-server contact
- snmp-server location
- snmp-server enable server
- snmp-server host
- snmp-server trap
- snmp-server engine-id
- snmp-server user
- snmp-server targets
- snmp-server filter
- snmp-server filter-assignments
- show snmp groups
- show snmp users
- show snmp group-assignments
- show snmp target
- show snmp filter
- show snmp filter-assignments
- show snmp
- Flash/File Commands
- RADIUS Client
- 802.1X Authentication
- MAC Address Authentication
- Filtering Commands
- WDS Bridge Commands
- Spanning Tree Commands
- Ethernet Interface Commands
- Wireless Interface Commands
- interface wireless
- vap
- speed
- turbo
- multicast-data-rate
- channel
- transmit-power
- radio-mode
- preamble
- antenna control
- antenna id
- antenna location
- beacon-interval
- dtim-period
- fragmentation-length
- rts-threshold
- super-a
- super-g
- description
- ssid
- closed-system
- max-association
- assoc-timeout-interval
- auth-timeout-value
- shutdown
- show interface wireless
- show station
- Rogue AP Detection Commands
- Wireless Security Commands
- Link Integrity Commands
- IAPP Commands
- VLAN Commands
- WMM Commands
- Appendix A: Troubleshooting
- Appendix B: Cables and Pinouts
- Appendix C: Specifications
- Glossary
- Index
System Configuration
6-80
6
The configuration settings for WPA are summarized below:
CLI Commands for WPA Using Pre-shared Key Security – Be sure to first disable
802.1X port authentication using the 802.1X command from the configuration mode.
Then, from the 802.11a or 802.11g interface configuration mode, use the vap
command to access each VAP interface to configure other security settings.
From the VAP interface configuration mode, use the authentication command to
set the access point to “Open System.” Use the encryption command to enable
data encryption. To enable WPA to be required for all clients, use the wpa-clients
command. Set the broadcast and multicast key encryption using the
multicast-cipher command. Use the wpa-mode command to enable the
Pre-shared Key mode. To enter a key value, use the wpa-psk-type command to
specify a hexadecimal or alphanumeric key, and then use the wpa-preshared-key
command to define the key. To view the current security settings, use the show
interface wireless a 0 or show interface wireless g 0 command (not shown in
example).
Table 6-4. WPA Configuration Settings
WPA and WPA2 pre-shared key only WPA and WPA2 over 802.1X
Authentication Type: Open System
Data Encryption: Enabled
Key Source: Authentication Server
Authentication Setup: WPA-PSK or WPA2-PSK
WPA Key Management: WPA/WPA2 pre-shared key
WPA Cipher Mode: WEP/TKIP/AES-CCMP
WPA Pre-shared Key Type: Hex/ASCII
Authentication Type: Open System
Data encryption: Enabled
Key Source: Authentication Server
Authentication Setup: WPA, WPA2,
WPA-WPA2-mixed, or WPA-WPA2-PSK-mixed
WPA Key Management: WPA/WPA2 over 802.1x
WPA Cipher Mode: WEP/TKIP/AES-CCMP
Key Type: Hex/ASCII
Shared Key: 64/128/152 bits
Transmit Key: 1/2/3/4
(requires RADIUS server to be specified)
1: You must enable data encryption in order to enable all types of encryption in the access point.
2: Select Auto or
TKIP when any WPA clients do not support AES. Select AES only if all clients support AES.
Enterprise AP(config)#interface wireless g 7-87
Enter Wireless configuration commands, one per line.
Enterprise AP(if-wireless g)#vap 0
Enterprise AP(if-wireless g: VAP[0])#no 802.1X
7-65
Enterprise AP(if-wireless g: VAP[0])#authentication open 7-119
Enterprise AP(if-wireless g: VAP[0])#encryption 7-118
Enterprise AP(if-wireless g: VAP[0])#wpa-clients required 7-123
Enterprise AP(if-wireless g: VAP[0])#multicast-cipher TKIP 7-121
Enterprise AP(if-wireless g: VAP[0])#wpa-preshared-key
ASCII agoodsecret
7-123
Enterprise AP(if-wireless g: VAP[0])#