User Guide
Table Of Contents
- Cisco Wireless ISR and HWIC Access Point Configuration Guide
- Contents
- Preface
- Overview
- Configuring Radio Settings
- Enabling the Radio Interface
- Roles in Radio Network
- Configuring Network or Fallback Role
- Universal Client Mode
- Configuring Universal Client Mode
- Configuring Radio Data Rates
- Configuring Radio Transmit Power
- Configuring Radio Channel Settings
- Enabling and Disabling World Mode
- Enabling and Disabling Short Radio Preambles
- Configuring Transmit and Receive Antennas
- Disabling and Enabling Access Point Extensions
- Configuring the Ethernet Encapsulation Transformation Method
- Enabling and Disabling Reliable Multicast to Workgroup Bridges
- Enabling and Disabling Public Secure Packet Forwarding
- Configuring Beacon Period and DTIM
- Configuring RTS Threshold and Retries
- Configuring Maximum Data Retries
- Configuring Fragmentation Threshold
- Enabling Short Slot Time for 802.11g Radios
- Performing a Carrier Busy Test
- Configuring Multiple SSIDs
- Configuring an Access Point as a Local Authenticator
- Understand Local Authentication
- Configure a Local Authenticator
- Guidelines for Local Authenticators
- Configuration Overview
- Configuring the Local Authenticator Access Point
- Configuring Other Access Points to Use the Local Authenticator
- Configuring EAP-FAST Settings
- Limiting the Local Authenticator to One Authentication Type
- Unblocking Locked Usernames
- Viewing Local Authenticator Statistics
- Using Debug Messages
- Configuring Encryption Types
- Configuring Authentication Types
- Configuring RADIUS Servers
- Configuring and Enabling RADIUS
- Understanding RADIUS
- RADIUS Operation
- Configuring RADIUS
- Default RADIUS Configuration
- Identifying the RADIUS Server Host
- Configuring RADIUS Login Authentication
- Defining AAA Server Groups
- Configuring RADIUS Authorization for User Privileged Access and Network Services
- Starting RADIUS Accounting
- Selecting the CSID Format
- Configuring Settings for All RADIUS Servers
- Configuring the Access Point to Use Vendor-Specific RADIUS Attributes
- Configuring the Access Point for Vendor-Proprietary RADIUS Server Communication
- Configuring WISPr RADIUS Attributes
- Displaying the RADIUS Configuration
- RADIUS Attributes Sent by the Access Point
- Configuring and Enabling RADIUS
- Configuring VLANs
- Configuring QoS
- Channel Settings
- Protocol Filters
- Supported MIBs
- Error and Event Messages
- Glossary
- Index
5-8
Cisco Wireless ISR and HWIC Access Point Configuration Guide
OL-6415-04
Chapter 5 Configuring Encryption Types
Configure Encryption Types
Use the no form of the encryption command to disable broadcast key rotation.
This example enables broadcast key rotation on VLAN 22 and sets the rotation interval to 300 seconds:
router# configure terminal
router(config)# interface dot11radio 0
routerrouter(config-if)# broadcast-key vlan 22 change 300
router(config-ssid)# end
Security Type in Universal Client Mode
Security
In universal client mode, the security type must be configured exactly as that of the access point it is
associating to. For example, if the access point is configured with AES and TKIP encryption, the
universal client must also have AES+TKIP in order for the devices to associate properly.
Step 3
broadcast-key
change seconds
[ vlan vlan-id ]
[ membership-termination ]
[ capability-change ]
Enable broadcast key rotation.
• Enter the number of seconds between each rotation of the
broadcast key.
• (Optional) Enter a VLAN for which you want to enable
broadcast key rotation.
• (Optional) If you enable WPA authenticated key
management, you can enable additional circumstances
under which the access point changes and distributes the
WPA group key.
–
Membership termination—the access point generates
and distributes a new group key when any
authenticated client device disassociates from the
access point. This feature protects the privacy of the
group key for associated clients. However, it might
generate some overhead if clients on your network
roam frequently.
–
Capability change—the access point generates and
distributes a dynamic group key when the last non-key
management (static WEP) client disassociates, and it
distributes the statically configured WEP key when the
first non-key management (static WEP) client
authenticates. In WPA migration mode, this feature
significantly improves the security of
key-management capable clients when there are no
static-WEP clients associated to the access point.
See Chapter 6, “Configuring Authentication Types,” for
detailed instructions on enabling authenticated key
management.
Step 4
end Return to privileged EXEC mode.
Step 5
copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose