Specifications

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-5260-01
Chapter 1 Overview
Features
• Wi-Fi Protected Access (WPA): Wi-Fi Protected Access is a standards-based, interoperable
security enhancement that strongly increases the level of data protection and access control for
existing and future wireless LAN systems. It is derived from and will be forward-compatible with
the upcoming IEEE 802.11i standard. WPA leverages TKIP (Temporal Key Integrity Protocol) for
data protection and 802.1X for authenticated key management.
• Fast secured roaming using Cisco Centralized Key Management (CCKM): Using CCKM,
authenticated client devices can roam securely from one access point to another without any
perceptible delay during reassociation. An access point on your network provides wireless domain
services (WDS) and creates a cache of security credentials for CCKM-enabled client devices on the
subnet. The WDS access point's cache of credentials dramatically reduces the time required for
reassociation when a CCKM-enabled client device roams to a new access point.
• Access point as backup or stand-alone authentication server: You can configure an access point to
act as a local authentication server to provide authentication service for small wireless LANs
without a RADIUS server or to provide backup authentication service in case of a WAN link or a
server failure. The access point can authenticate up to 50 LEAP-enabled wireless client devices and
allow them to join your network. Access points running Cisco IOS Release 12.2(15)JA also can
provide backup MAC-address authentication service for up to 50 addresses.
• Client ARP caching: To reduce traffic on the wireless LAN, you can configure access points
running Cisco IOS Release 12.2(13)JA or later to reply to ARP queries on behalf of associated client
devices. In previous releases, the access point forwards ARP queries to all associated client devices,
and the specified client responds with its MAC address. When the access point maintains an ARP
cache, however, it responds to ARP queries on behalf of the client device and does not forward the
queries through its radio port.
• CCKM voice clients and WPA clients on the same VLAN: Access points running Cisco IOS
Release 12.2(13)JA or later allow both 802.11b CCKM voice clients and 802.11b WPA clients on
the same VLAN.
• WISPr RADIUS attributes: The Wi-Fi Alliance's WISPr Best Current Practices for Wireless
Internet Service Provider (WISP) Roaming document lists RADIUS attributes that access points
must send with RADIUS accounting and authentication requests. You can configure access points
running Cisco IOS Release 12.2(13)JA or later to include these attributes in all RADIUS accounting
and authentication requests.
• Support for 802.11g radios: Cisco IOS Releases 12.2(13)JA or later support the 802.11g, 2.4-GHz
mini-PCI radio. You can upgrade the 802.11b, 2.4-GHz radio in 1100 and 1200 series access points
with an 802.11g, 2.4-GHz radio.
• Radio management features on 802.11a, 802.11b, and 802.11g radios: Access points running Cisco
IOS Release 12.2(15)JA can participate in radio management using 802.11a, b, and g radios. Access
points configured for WDS interact with the WDS device on your wireless LAN. The WDS device
forwards radio data to and from the WLSE device or wireless network manager on your network.
Radio management includes these features, which are configured on your WLSE device:
  - Rogue access point detection, including the rogue device's IP and MAC addresses, SSID, and,
    if it is connected to a Cisco device, the switch port to which the rogue is connected
  - Self-healing wireless LAN; if an access point fails, nearby access points increase their transmit
    power to cover the gap in your wireless LAN
  - Client tracking to identify the access point to which each client device is associated
• Scanning-only mode: Access points running Cisco IOS Release 12.2(15)JA can act as scanners to
detect rogue access points and monitor radio traffic on your wireless LAN. Access points configured
as scanners participate in radio management but do not accept client associations.