User Guide
Table Of Contents
- Cisco Wireless ISR and HWIC Access Point Configuration Guide
- Contents
- Preface
- Overview
- Configuring Radio Settings
- Enabling the Radio Interface
- Roles in Radio Network
- Configuring Network or Fallback Role
- Universal Client Mode
- Configuring Universal Client Mode
- Configuring Radio Data Rates
- Configuring Radio Transmit Power
- Configuring Radio Channel Settings
- Enabling and Disabling World Mode
- Enabling and Disabling Short Radio Preambles
- Configuring Transmit and Receive Antennas
- Disabling and Enabling Access Point Extensions
- Configuring the Ethernet Encapsulation Transformation Method
- Enabling and Disabling Reliable Multicast to Workgroup Bridges
- Enabling and Disabling Public Secure Packet Forwarding
- Configuring Beacon Period and DTIM
- Configuring RTS Threshold and Retries
- Configuring Maximum Data Retries
- Configuring Fragmentation Threshold
- Enabling Short Slot Time for 802.11g Radios
- Performing a Carrier Busy Test
- Configuring Multiple SSIDs
- Configuring an Access Point as a Local Authenticator
- Understand Local Authentication
- Configure a Local Authenticator
- Guidelines for Local Authenticators
- Configuration Overview
- Configuring the Local Authenticator Access Point
- Configuring Other Access Points to Use the Local Authenticator
- Configuring EAP-FAST Settings
- Limiting the Local Authenticator to One Authentication Type
- Unblocking Locked Usernames
- Viewing Local Authenticator Statistics
- Using Debug Messages
- Configuring Encryption Types
- Configuring Authentication Types
- Configuring RADIUS Servers
- Configuring and Enabling RADIUS
- Understanding RADIUS
- RADIUS Operation
- Configuring RADIUS
- Default RADIUS Configuration
- Identifying the RADIUS Server Host
- Configuring RADIUS Login Authentication
- Defining AAA Server Groups
- Configuring RADIUS Authorization for User Privileged Access and Network Services
- Starting RADIUS Accounting
- Selecting the CSID Format
- Configuring Settings for All RADIUS Servers
- Configuring the Access Point to Use Vendor-Specific RADIUS Attributes
- Configuring the Access Point for Vendor-Proprietary RADIUS Server Communication
- Configuring WISPr RADIUS Attributes
- Displaying the RADIUS Configuration
- RADIUS Attributes Sent by the Access Point
- Configuring and Enabling RADIUS
- Configuring VLANs
- Configuring QoS
- Channel Settings
- Protocol Filters
- Supported MIBs
- Error and Event Messages
- Glossary
- Index
6-16
Cisco Wireless ISR and HWIC Access Point Configuration Guide
OL-6415-04
Chapter 6 Configuring Authentication Types
Matching Access Point and Client Device Authentication Types
Use the no form of these commands to reset the values to default settings.
Matching Access Point and Client Device Authentication Types
To use the authentication types described in this section, the access point authentication settings must
match the authentication settings on the client adapters that associate to the access point. Refer to the
Cisco Aironet Wireless LAN Client Adapters Installation and Configuration Guide for Windows for
instructions on setting authentication types on wireless client adapters. Refer to
Chapter 5, “Configuring
Encryption Types,” for instructions on configuring encryption on the access point.
Table 6-2 lists the client and access point settings required for each authentication type.
Note Some non-Cisco client adapters do not perform 802.1x authentication to the access point unless you
configure Open authentication with EAP. To allow both the Cisco access point clients using LEAP and
non-Cisco clients using LEAP to associate using the same SSID, you might need to configure the SSID
for both Network EAP authentication and Open authentication with EAP.
Step 6
countermeasure tkip hold-time
seconds
Configure a TKIP MIC failure holdtime. If the access point
detects two MIC failures within 60 seconds, it blocks all the
TKIP clients on that interface for the holdtime period.
Step 7
end Return to privileged EXEC mode.
Step 8
copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Ta b l e 6-2 Client and Access Point Security Settings
Security Feature Client Setting Access Point Setting
Static WEP with open
authentication
Create a WEP key and enable Use
Static WEP Keys and Open
Authentication
Set up and enable WEP and enable
Open Authentication for the SSID
Static WEP with shared key
authentication
Create a WEP key and enable Use
Static WEP Keys and Shared Key
Authentication
Set up and enable WEP and enable
Shared Key Authentication for the
SSID
LEAP authentication Enable LEAP Set up and enable WEP and enable
Network-EAP for the SSID
1
EAP-FAST authentication Enable EAP-FAST and enable
automatic provisioning or import a
PAC file
Set up and enable WEP and enable
Network-EAP for the SSID
1