User Guide
Table Of Contents
- Cisco Wireless ISR and HWIC Access Point Configuration Guide
- Contents
- Preface
- Overview
- Configuring Radio Settings
- Enabling the Radio Interface
- Roles in Radio Network
- Configuring Network or Fallback Role
- Universal Client Mode
- Configuring Universal Client Mode
- Configuring Radio Data Rates
- Configuring Radio Transmit Power
- Configuring Radio Channel Settings
- Enabling and Disabling World Mode
- Enabling and Disabling Short Radio Preambles
- Configuring Transmit and Receive Antennas
- Disabling and Enabling Access Point Extensions
- Configuring the Ethernet Encapsulation Transformation Method
- Enabling and Disabling Reliable Multicast to Workgroup Bridges
- Enabling and Disabling Public Secure Packet Forwarding
- Configuring Beacon Period and DTIM
- Configuring RTS Threshold and Retries
- Configuring Maximum Data Retries
- Configuring Fragmentation Threshold
- Enabling Short Slot Time for 802.11g Radios
- Performing a Carrier Busy Test
- Configuring Multiple SSIDs
- Configuring an Access Point as a Local Authenticator
- Understand Local Authentication
- Configure a Local Authenticator
- Guidelines for Local Authenticators
- Configuration Overview
- Configuring the Local Authenticator Access Point
- Configuring Other Access Points to Use the Local Authenticator
- Configuring EAP-FAST Settings
- Limiting the Local Authenticator to One Authentication Type
- Unblocking Locked Usernames
- Viewing Local Authenticator Statistics
- Using Debug Messages
- Configuring Encryption Types
- Configuring Authentication Types
- Configuring RADIUS Servers
- Configuring and Enabling RADIUS
- Understanding RADIUS
- RADIUS Operation
- Configuring RADIUS
- Default RADIUS Configuration
- Identifying the RADIUS Server Host
- Configuring RADIUS Login Authentication
- Defining AAA Server Groups
- Configuring RADIUS Authorization for User Privileged Access and Network Services
- Starting RADIUS Accounting
- Selecting the CSID Format
- Configuring Settings for All RADIUS Servers
- Configuring the Access Point to Use Vendor-Specific RADIUS Attributes
- Configuring the Access Point for Vendor-Proprietary RADIUS Server Communication
- Configuring WISPr RADIUS Attributes
- Displaying the RADIUS Configuration
- RADIUS Attributes Sent by the Access Point
- Configuring and Enabling RADIUS
- Configuring VLANs
- Configuring QoS
- Channel Settings
- Protocol Filters
- Supported MIBs
- Error and Event Messages
- Glossary
- Index
6-8
Cisco Wireless ISR and HWIC Access Point Configuration Guide
OL-6415-04
Chapter 6 Configuring Authentication Types
Understand Authentication Types
Software and Firmware Requirements for WPA and WPA-TKIP
Table 6-1 lists the firmware and software requirements required on access points and Cisco client
devices to support WPA key management and WPA-TKIP encryption protocols.
To support the security combinations in Table 6-1, your access points and client devices must run the
following software and firmware versions:
• Cisco IOS Release 12.4(2)T or later on access points
• Install Wizard version 1.2 for 340, 350, and CB20A client devices, which includes these
components:
–
PC, LM, and PCI card driver version 8.4
–
Mini PCI and PC-cardbus card driver version 3.7
–
Aironet Client Utility (ACU) version 6.2
–
Client firmware version 5.30.13
Note When you configure AES-CCM and TKIP-only cipher encryption (not TKIP + WEP 128 or TKIP +
WEP 40) on any radio interface or VLAN, every SSID on that radio or VLAN must be set to use WPA
key management. If you configure TKIP on a radio or VLAN but you do not configure key management
on the SSIDs, client authentication fails on the SSIDs.
Ta b l e 6-1 Software and Firmware Requirements for WPA and WPA-TKIP
Key Management and Encryption
Protocol
Third Party Host Supplicant
1
Required?
1. Such as Funk Odyssey Client supplicant version 2.2 or Meetinghouse Data Communications Aegis Client version 2.1.
Supported Platform Operating
Systems
LEAP with WPA-TKIP No Windows XP and 2000
LEAP with WPA No Windows XP and 2000
Host-based EAP (such as PEAP,
EAP-SIM, and EAP-TLS) with
WPA
No
2
2. Windows XP does not require a third-party supplicant, but you must install Windows XP Service Pack 1 and Microsoft support
patch 815485.
Windows XP
Host-based EAP (such as PEAP,
EAP-SIM, and EAP-TLS) with
WPA
Yes Windows 2000
WPA-PSK Mode No
2
Windows XP
WPA-PSK Mode Yes Windows 2000