User Guide
Table Of Contents
- Cisco Wireless ISR and HWIC Access Point Configuration Guide
- Contents
- Preface
- Overview
- Configuring Radio Settings
- Enabling the Radio Interface
- Roles in Radio Network
- Configuring Network or Fallback Role
- Universal Client Mode
- Configuring Universal Client Mode
- Configuring Radio Data Rates
- Configuring Radio Transmit Power
- Configuring Radio Channel Settings
- Enabling and Disabling World Mode
- Enabling and Disabling Short Radio Preambles
- Configuring Transmit and Receive Antennas
- Disabling and Enabling Access Point Extensions
- Configuring the Ethernet Encapsulation Transformation Method
- Enabling and Disabling Reliable Multicast to Workgroup Bridges
- Enabling and Disabling Public Secure Packet Forwarding
- Configuring Beacon Period and DTIM
- Configuring RTS Threshold and Retries
- Configuring Maximum Data Retries
- Configuring Fragmentation Threshold
- Enabling Short Slot Time for 802.11g Radios
- Performing a Carrier Busy Test
- Configuring Multiple SSIDs
- Configuring an Access Point as a Local Authenticator
- Understand Local Authentication
- Configure a Local Authenticator
- Guidelines for Local Authenticators
- Configuration Overview
- Configuring the Local Authenticator Access Point
- Configuring Other Access Points to Use the Local Authenticator
- Configuring EAP-FAST Settings
- Limiting the Local Authenticator to One Authentication Type
- Unblocking Locked Usernames
- Viewing Local Authenticator Statistics
- Using Debug Messages
- Configuring Encryption Types
- Configuring Authentication Types
- Configuring RADIUS Servers
- Configuring and Enabling RADIUS
- Understanding RADIUS
- RADIUS Operation
- Configuring RADIUS
- Default RADIUS Configuration
- Identifying the RADIUS Server Host
- Configuring RADIUS Login Authentication
- Defining AAA Server Groups
- Configuring RADIUS Authorization for User Privileged Access and Network Services
- Starting RADIUS Accounting
- Selecting the CSID Format
- Configuring Settings for All RADIUS Servers
- Configuring the Access Point to Use Vendor-Specific RADIUS Attributes
- Configuring the Access Point for Vendor-Proprietary RADIUS Server Communication
- Configuring WISPr RADIUS Attributes
- Displaying the RADIUS Configuration
- RADIUS Attributes Sent by the Access Point
- Configuring and Enabling RADIUS
- Configuring VLANs
- Configuring QoS
- Channel Settings
- Protocol Filters
- Supported MIBs
- Error and Event Messages
- Glossary
- Index
5-9
Cisco Wireless ISR and HWIC Access Point Configuration Guide
OL-6415-04
Chapter 5 Configuring Encryption Types
Configure Encryption Types
• TKIP
• AES
• TKIP+AES
• WEP 40-bit
• WEP 128-bit
Universal client configuration
!
dot11 ssid test10
authentication open
authentication key-management wpa
wpa-psk ascii 7 11584B5643475D5B5C737B
!
!
interface Dot11Radio0/1/0
ip address dhcp
!
encryption mode ciphers aes-ccm
!
ssid test10
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role non-root
!
End
The access point is configured with AES+TKIP WPA-PSK encryption. The universal client will display
the following system message when there is a mismatch in the encryption types during association
between the AP and the universal client:
%DOT11-4-CANT_ASSOC: Interface Dot11Radio0/1/0, cannot associate: WPAIE invalid multicast
suite exp=0x0050F204 act=0x0050F202
In this example, the universal client would have the multicast suite of 0x0050F204 (for TKIP) but instead
received the multicast suite of 0x0050F202 (for AES+ TKIP). Here are the different scenarios:
• If the universal client is configured for AES WPAv2 (encryption mode ciphers aes-ccm), the access
point must be configured for AES WPAv2. The universal client will associate with AES encryption.
• If the universal client is configured for TKIP (encryption mode ciphers tkip) The access point must
be configured for either 1. TKIP WPA or 2. TKIP+AES. The universal client will associate with
TKIP encryption.
• If the universal client is configured for AES+TKIP (encryption mode ciphers tkip aes) The access
point must be configured for TKIP+AES. The universal client will associate with AES encryption.
• If the access point is configured for AES WPAv2 WPAv2 (encryption mode ciphers aes-ccm), and
the universal client is configured with TKIP+AES (encryption mode ciphers aes-ccm tkip), you will
get a system message stating the multicast suite was not found.
%DOT11-4-CANT_ASSOC: Interface Dot11Radio0/1/0, cannot associate: WPAIE not found and
required