User Guide
Table Of Contents
- Cisco Wireless ISR and HWIC Access Point Configuration Guide
- Contents
- Preface
- Overview
- Configuring Radio Settings
- Enabling the Radio Interface
- Roles in Radio Network
- Configuring Network or Fallback Role
- Universal Client Mode
- Configuring Universal Client Mode
- Configuring Radio Data Rates
- Configuring Radio Transmit Power
- Configuring Radio Channel Settings
- Enabling and Disabling World Mode
- Enabling and Disabling Short Radio Preambles
- Configuring Transmit and Receive Antennas
- Disabling and Enabling Access Point Extensions
- Configuring the Ethernet Encapsulation Transformation Method
- Enabling and Disabling Reliable Multicast to Workgroup Bridges
- Enabling and Disabling Public Secure Packet Forwarding
- Configuring Beacon Period and DTIM
- Configuring RTS Threshold and Retries
- Configuring Maximum Data Retries
- Configuring Fragmentation Threshold
- Enabling Short Slot Time for 802.11g Radios
- Performing a Carrier Busy Test
- Configuring Multiple SSIDs
- Configuring an Access Point as a Local Authenticator
- Understand Local Authentication
- Configure a Local Authenticator
- Guidelines for Local Authenticators
- Configuration Overview
- Configuring the Local Authenticator Access Point
- Configuring Other Access Points to Use the Local Authenticator
- Configuring EAP-FAST Settings
- Limiting the Local Authenticator to One Authentication Type
- Unblocking Locked Usernames
- Viewing Local Authenticator Statistics
- Using Debug Messages
- Configuring Encryption Types
- Configuring Authentication Types
- Configuring RADIUS Servers
- Configuring and Enabling RADIUS
- Understanding RADIUS
- RADIUS Operation
- Configuring RADIUS
- Default RADIUS Configuration
- Identifying the RADIUS Server Host
- Configuring RADIUS Login Authentication
- Defining AAA Server Groups
- Configuring RADIUS Authorization for User Privileged Access and Network Services
- Starting RADIUS Accounting
- Selecting the CSID Format
- Configuring Settings for All RADIUS Servers
- Configuring the Access Point to Use Vendor-Specific RADIUS Attributes
- Configuring the Access Point for Vendor-Proprietary RADIUS Server Communication
- Configuring WISPr RADIUS Attributes
- Displaying the RADIUS Configuration
- RADIUS Attributes Sent by the Access Point
- Configuring and Enabling RADIUS
- Configuring VLANs
- Configuring QoS
- Channel Settings
- Protocol Filters
- Supported MIBs
- Error and Event Messages
- Glossary
- Index
6-17
Cisco Wireless ISR and HWIC Access Point Configuration Guide
OL-6415-04
Chapter 6 Configuring Authentication Types
Matching Access Point and Client Device Authentication Types
EAP-FAST authentication
with WPA
Enable EAP-FAST and Wi-Fi
Protected Access (WPA) and
enable automatic provisioning or
import a PAC file.
To allow the client to associate to
both WPA and non-WPA access
points, enable Allow Association to
both WPA and non-WPA
authenticators.
Select a cipher suite that includes
TKIP, set up and enable WEP, and
enable Network-EAP and WPA for
the SSID.
Note To allow both WPA and
non-WPA clients to use the
SSID, enable optional
WPA.
802.1x authentication Enable LEAP Select a cipher suite and enable
Network-EAP for the SSID
802.1x authentication and
WPA
Enable any 802.1x authentication
method
Select a cipher suite and enable
Open authentication and WPA for
the SSID (you can also enable
Network-EAP authentication in
addition to or instead of Open
authentication)
Note To allow both WPA clients
and non-WPA clients to use
the SSID, enable optional
WPA.
802.1x authentication and
WPA-PSK
Enable any 802.1x authentication
method
Select a cipher suite and enable
Open authentication and WPA for
the SSID (you can also enable
Network-EAP authentication in
addition to or instead of Open
authentication). Enter a WPA
pre-shared key.
Note To allow both WPA clients
and non-WPA clients to use
the SSID, enable optional
WPA.
EAP-TLS authentication
If using ACU to
configure card
Enable Host Based EAP and Use
Dynamic WEP Keys in ACU and
select Enable network access
control using IEEE 802.1X and
Smart Card or Other Certificate as
the EAP Type in Windows 2000
(with Service Pack 3) or
Windows
XP
Set up and enable WEP and enable
EAP and Open authentication for
the SSID
If using Windows XP
to configure card
Select Enable network access
control using IEEE 802.1X and
Smart Card or other Certificate as
the EAP Type
Set up and enable WEP and enable
EAP and Open Authentication for
the SSID
Ta b l e 6 - 2 C l i e n t a n d A c c e s s P o i n t Security Settings (continued)
Security Feature Client Setting Access Point Setting