Manualshelf

User's Manual

ManualsBrandsCisco Systems ManualsElectronics4.9 GHz WMIC Mini PCI Module
71727374757677787980
3-27
Cisco 3200 Series Wireless MIC Software Configuration Guide
OL-7734-02
Chapter 3 Administering the WMIC
Protecting the Wireless LAN
Express Security Types
Table 3-4 describes the four security types that you can assign to an SSID.
Security Configuration Examples
This section contains these example configurations:
No Security SSID Example
Static WEP Security Example
EAP Authentication Security Example
WPA Security Example
No Security SSID Example
This example shows part of the configuration to create an SSID called no_security_ssid, including the
SSID in the beacon, assigning it to VLAN 10, and selecting VLAN 10 as the native VLAN (as it applies
to the 2.4-GHz (802.11b/g) WMIC):
interface Dot11Radio0
no ip address
no ip route-cache
!
Ta b l e 3 - 4 S e c u r i t y Ty p e s
Security Type Description Security Features Enabled
No Security This is the least secure option. Use this option only for
SSIDs used in a public space and assign it to a VLAN
that restricts access to your network.
None.
Static WEP Key This option is more secure than no security. However,
static WEP keys are vulnerable to attack. Consider
limiting association to the access point based on MAC
address or, if the network does not have a RADIUS
server, consider using an access point as a local
authentication server.
Mandatory WEP encryption, no key
management, and open authentication. In
root access point mode, client devices
cannot associate using this SSID without a
WEP key that matches the access point key.
EAP Authentication This option enables 802.1x authentication (such as
LEAP, PEAP, EAP-TLS, EAP-GTC, EAP-SIM, and
others) requires an IP address and shared secret for an
authentication server on the network (server
authentication port 1645). Because 802.1x
authentication provides dynamic encryption keys, a
WEP key is not required.
Mandatory 802.1x authentication, In root
access point mode, client devices that
associate using this SSID must perform
802.1x authentication.
WPA Wi-Fi Protected Access (WPA) permits wireless
access to users authenticated against a database
through the services of an authentication server, then
encrypts their IP traffic with stronger algorithms than
those used in WEP. As with EAP authentication, the IP
address and shared secret for an authentication server
on your network (server authentication port 1645) are
required.
Mandatory WPA authentication. In root
access point mode, client devices that
associate using this SSID must be
WPA-capable.