User Guide
Table Of Contents
- Cisco Wireless ISR and HWIC Access Point Configuration Guide
- Contents
- Preface
- Overview
- Configuring Radio Settings
- Enabling the Radio Interface
- Roles in Radio Network
- Configuring Network or Fallback Role
- Universal Client Mode
- Configuring Universal Client Mode
- Configuring Radio Data Rates
- Configuring Radio Transmit Power
- Configuring Radio Channel Settings
- Enabling and Disabling World Mode
- Enabling and Disabling Short Radio Preambles
- Configuring Transmit and Receive Antennas
- Disabling and Enabling Access Point Extensions
- Configuring the Ethernet Encapsulation Transformation Method
- Enabling and Disabling Reliable Multicast to Workgroup Bridges
- Enabling and Disabling Public Secure Packet Forwarding
- Configuring Beacon Period and DTIM
- Configuring RTS Threshold and Retries
- Configuring Maximum Data Retries
- Configuring Fragmentation Threshold
- Enabling Short Slot Time for 802.11g Radios
- Performing a Carrier Busy Test
- Configuring Multiple SSIDs
- Configuring an Access Point as a Local Authenticator
- Understand Local Authentication
- Configure a Local Authenticator
- Guidelines for Local Authenticators
- Configuration Overview
- Configuring the Local Authenticator Access Point
- Configuring Other Access Points to Use the Local Authenticator
- Configuring EAP-FAST Settings
- Limiting the Local Authenticator to One Authentication Type
- Unblocking Locked Usernames
- Viewing Local Authenticator Statistics
- Using Debug Messages
- Configuring Encryption Types
- Configuring Authentication Types
- Configuring RADIUS Servers
- Configuring and Enabling RADIUS
- Understanding RADIUS
- RADIUS Operation
- Configuring RADIUS
- Default RADIUS Configuration
- Identifying the RADIUS Server Host
- Configuring RADIUS Login Authentication
- Defining AAA Server Groups
- Configuring RADIUS Authorization for User Privileged Access and Network Services
- Starting RADIUS Accounting
- Selecting the CSID Format
- Configuring Settings for All RADIUS Servers
- Configuring the Access Point to Use Vendor-Specific RADIUS Attributes
- Configuring the Access Point for Vendor-Proprietary RADIUS Server Communication
- Configuring WISPr RADIUS Attributes
- Displaying the RADIUS Configuration
- RADIUS Attributes Sent by the Access Point
- Configuring and Enabling RADIUS
- Configuring VLANs
- Configuring QoS
- Channel Settings
- Protocol Filters
- Supported MIBs
- Error and Event Messages
- Glossary
- Index
6-14
Cisco Wireless ISR and HWIC Access Point Configuration Guide
OL-6415-04
Chapter 6 Configuring Authentication Types
Configure Authentication Types
This example shows how to configure a pre-shared key for clients using WPA and static WEP, with group
key update options:
ap# configure terminal
ap(config)# interface dot11radio 0
ap(config-if)# ssid batman
ap(config-ssid)# wpa-psk ascii batmobile65
ap(config-ssid)# exit
ap(config-if)# exit
ap(config)# broadcast-key vlan 87 membership-termination capability-change
Configuring MAC Authentication Caching
If MAC-authenticated clients on your wireless LAN roam frequently, you can enable a MAC
authentication cache on your access points. MAC authentication caching reduces overhead because the
access point authenticates devices in its MAC-address cache without sending the request to your
authentication server. When a client device completes MAC authentication to your authentication server,
the access point adds the client’s MAC address to the cache.
Beginning in privileged EXEC mode, follow these steps to enable MAC authentication caching:
Step 6
broadcast-key [ vlan vlan-id ]
{ change seconds }
[ membership-termination ]
[ capability-change ]
Use the broadcast key rotation command to configure
additional updates of the WPA group key.
Step 7
copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
dot11 aaa authentication
mac-authen filter-cache [timeout
seconds]
Enable MAC authentication caching on the access point.
Use the timeout option to configure a timeout value for MAC
addresses in the cache. Enter a value from 30 to 65555 seconds.
The default value is 1800 (30 minutes). When you enter a
timeout value, MAC-authentication caching is enabled
automatically.
Step 3
exit Return to privileged EXEC mode.
Step 4
show dot11 aaa authentication
mac-authen filter-cache [address]
Show entries in the MAC-authentication cache. Include client
MAC addresses to show entries for specific clients.
Step 5
clear dot11 aaa authentication
mac-authen filter-cache [address]
Clear all entries in the cache. Include client MAC addresses to
clear specific clients from the cache.
Step 6
end Return to privileged EXEC mode.
Step 7
copy running-config startup-config (Optional) Save your entries in the configuration file.