User Guide
Table Of Contents
- Cisco Wireless ISR and HWIC Access Point Configuration Guide
- Contents
- Preface
- Overview
- Configuring Radio Settings
- Enabling the Radio Interface
- Roles in Radio Network
- Configuring Network or Fallback Role
- Universal Client Mode
- Configuring Universal Client Mode
- Configuring Radio Data Rates
- Configuring Radio Transmit Power
- Configuring Radio Channel Settings
- Enabling and Disabling World Mode
- Enabling and Disabling Short Radio Preambles
- Configuring Transmit and Receive Antennas
- Disabling and Enabling Access Point Extensions
- Configuring the Ethernet Encapsulation Transformation Method
- Enabling and Disabling Reliable Multicast to Workgroup Bridges
- Enabling and Disabling Public Secure Packet Forwarding
- Configuring Beacon Period and DTIM
- Configuring RTS Threshold and Retries
- Configuring Maximum Data Retries
- Configuring Fragmentation Threshold
- Enabling Short Slot Time for 802.11g Radios
- Performing a Carrier Busy Test
- Configuring Multiple SSIDs
- Configuring an Access Point as a Local Authenticator
- Understand Local Authentication
- Configure a Local Authenticator
- Guidelines for Local Authenticators
- Configuration Overview
- Configuring the Local Authenticator Access Point
- Configuring Other Access Points to Use the Local Authenticator
- Configuring EAP-FAST Settings
- Limiting the Local Authenticator to One Authentication Type
- Unblocking Locked Usernames
- Viewing Local Authenticator Statistics
- Using Debug Messages
- Configuring Encryption Types
- Configuring Authentication Types
- Configuring RADIUS Servers
- Configuring and Enabling RADIUS
- Understanding RADIUS
- RADIUS Operation
- Configuring RADIUS
- Default RADIUS Configuration
- Identifying the RADIUS Server Host
- Configuring RADIUS Login Authentication
- Defining AAA Server Groups
- Configuring RADIUS Authorization for User Privileged Access and Network Services
- Starting RADIUS Accounting
- Selecting the CSID Format
- Configuring Settings for All RADIUS Servers
- Configuring the Access Point to Use Vendor-Specific RADIUS Attributes
- Configuring the Access Point for Vendor-Proprietary RADIUS Server Communication
- Configuring WISPr RADIUS Attributes
- Displaying the RADIUS Configuration
- RADIUS Attributes Sent by the Access Point
- Configuring and Enabling RADIUS
- Configuring VLANs
- Configuring QoS
- Channel Settings
- Protocol Filters
- Supported MIBs
- Error and Event Messages
- Glossary
- Index
6-11
Cisco Wireless ISR and HWIC Access Point Configuration Guide
OL-6415-04
Chapter 6 Configuring Authentication Types
Configure Authentication Types
Step 4
authentication shared
[mac-address list-name]
[eap list-name]
(Optional) Set the authentication type for the SSID to shared
key.
Note Because of shared key's security flaws, Cisco
recommends that you avoid using it.
Note You c an ass ign sha red key a uth enti cat ion to onl y o ne
SSID.
• (Optional) Set the SSID’s authentication type to shared key
with MAC address authentication. For list-name, specify
the authentication method list.
• (Optional) Set the SSID’s authentication type to shared key
with EAP authentication. For list-name, specify the
authentication method list.
Step 5
authentication network-eap
list-name
[mac-address list-name]
(Optional) Set the authentication type for the SSID to
Network-EAP. Using the Extensible Authentication Protocol
(EAP) to interact with an EAP-compatible RADIUS server, the
access point helps a wireless client device and the RADIUS
server to perform mutual authentication and derive a dynamic
unicast WEP key. However, the access point does not force all
client devices to perform EAP authentication.
• (Optional) Set the SSID’s authentication type to
Network-EAP with MAC address authentication. All client
devices that associate to the access point are required to
perform MAC-address authentication. For list-name,
specify the authentication method list.
Step 6
authentication key-management
{
[wpa]} [ optional ]
(Optional) Set the authentication type for the SSID to WPA. If
you use the optional keyword, client devices other than WPA
clients can use this SSID. If you do not use the optional
keyword, only WPA client devices are allowed to use the SSID.
When Network EAP is enabled for an SSID, client devices
using LEAP, EAP-FAST, PEAP/GTC, MSPEAP, and EAP-TLS
can authenticate using the SSID.
To enable WPA for an SSID, you must also enable Open
authentication or Network-EAP or both.
Note Before you can enable WPA, you must set the
encryption mode for the SSID’s VLAN to one of the
cipher suite options. See the
“Configure Encryption
Types” section on page 5-3 for instructions on
configuring the VLAN encryption mode.
Note If you enable WPA for an SSID without a pre-shared
key, the key management type is WPA. If you enable
WPA with a pre-shared key, the key management type
is WPA-PSK. See the
“Configuring Additional WPA
Settings” section on page 6-13 for instructions on
configuring a pre-shared key.
Command Purpose