User Guide
Table Of Contents
- Cisco Wireless ISR and HWIC Access Point Configuration Guide
- Contents
- Preface
- Overview
- Configuring Radio Settings
- Enabling the Radio Interface
- Roles in Radio Network
- Configuring Network or Fallback Role
- Universal Client Mode
- Configuring Universal Client Mode
- Configuring Radio Data Rates
- Configuring Radio Transmit Power
- Configuring Radio Channel Settings
- Enabling and Disabling World Mode
- Enabling and Disabling Short Radio Preambles
- Configuring Transmit and Receive Antennas
- Disabling and Enabling Access Point Extensions
- Configuring the Ethernet Encapsulation Transformation Method
- Enabling and Disabling Reliable Multicast to Workgroup Bridges
- Enabling and Disabling Public Secure Packet Forwarding
- Configuring Beacon Period and DTIM
- Configuring RTS Threshold and Retries
- Configuring Maximum Data Retries
- Configuring Fragmentation Threshold
- Enabling Short Slot Time for 802.11g Radios
- Performing a Carrier Busy Test
- Configuring Multiple SSIDs
- Configuring an Access Point as a Local Authenticator
- Understand Local Authentication
- Configure a Local Authenticator
- Guidelines for Local Authenticators
- Configuration Overview
- Configuring the Local Authenticator Access Point
- Configuring Other Access Points to Use the Local Authenticator
- Configuring EAP-FAST Settings
- Limiting the Local Authenticator to One Authentication Type
- Unblocking Locked Usernames
- Viewing Local Authenticator Statistics
- Using Debug Messages
- Configuring Encryption Types
- Configuring Authentication Types
- Configuring RADIUS Servers
- Configuring and Enabling RADIUS
- Understanding RADIUS
- RADIUS Operation
- Configuring RADIUS
- Default RADIUS Configuration
- Identifying the RADIUS Server Host
- Configuring RADIUS Login Authentication
- Defining AAA Server Groups
- Configuring RADIUS Authorization for User Privileged Access and Network Services
- Starting RADIUS Accounting
- Selecting the CSID Format
- Configuring Settings for All RADIUS Servers
- Configuring the Access Point to Use Vendor-Specific RADIUS Attributes
- Configuring the Access Point for Vendor-Proprietary RADIUS Server Communication
- Configuring WISPr RADIUS Attributes
- Displaying the RADIUS Configuration
- RADIUS Attributes Sent by the Access Point
- Configuring and Enabling RADIUS
- Configuring VLANs
- Configuring QoS
- Channel Settings
- Protocol Filters
- Supported MIBs
- Error and Event Messages
- Glossary
- Index
5-6
Cisco Wireless ISR and HWIC Access Point Configuration Guide
OL-6415-04
Chapter 5 Configuring Encryption Types
Configure Encryption Types
Use the no form of the encryption command to disable a cipher suite.
This example sets up a cipher suite for VLAN 22 that enables AES-CCM, and 128-bit WEP.
router# configure terminal
router(config)# interface dot11radio 0
router(config-if)# encryption vlan 22 mode ciphers aes-ccm wep128
router(config-if)# exit
Cipher Suites Compatible with WPA
If you configure your access point to use WPA authenticated key management, you must select a cipher
suite compatible with the authenticated key management type.
Table 5-3 lists the cipher suites that are
compatible with WPA.
Step 3
encryption
[vlan vlan-id]
mode ciphers
{[aes-ccm | tkip]} {[wep128 |
wep40]}
Enable a cipher suite containing the encryption you need.
Table 5-3 lists guidelines for selecting a cipher suite that
matches the type of authenticated key management you
configure.
• (Optional) Select the VLAN for which you want to enable
WEP and WEP features.
• Set the cipher options and WEP level. You can combine
TKIP with 128-bit or 40-bit WEP.
Note You ca n a lso us e the encryption mode wep command
to set up static WEP. However, you should use
encryption mode wep only if no clients that associate
to the access point are capable of key management. See
the Cisco IOS Command Reference for Cisco Access
Points and Bridges for a detailed description of the
encryption mode wep command.
Note When you configure the cipher TKIP and AES-CCM
(not TKIP + WEP 128 or TKIP + WEP 40) for an
SSID, the SSID must use WPA key management. Client
authentication fails on an SSID that uses the cipher
TKIP without enabling WPA key management.
Step 4
end Return to privileged EXEC mode.
Step 5
copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose