User's Manual
Table Of Contents
- Warranty and Product Registration
- How to Use This Guide
- Contents
- Figures
- Tables
- Getting Started
- Web Configuration
- Command Line Interface
- Using the Command Line Interface
- General Commands
- System Management Commands
- country
- prompt
- system name
- system-resource
- password
- reboot-schedule
- apmgmgtui ssh enable
- apmgmtui ssh port
- apmgmtui telnet- server enable
- apmgmtui http port
- apmgmtui http server
- apmgmtui http session-timeout
- apmgmtui https port
- apmgmtui https server
- apmgmtui snmp
- apmgmtip
- show apmanagement
- show system
- show system resource
- show version
- show config
- System Logging Commands
- System Clock Commands
- DHCP Relay Commands
- SNMP Commands
- snmp-server community
- snmp-server contact
- snmp-server location
- snmp-server enable server
- snmp-server host
- snmp-server trap
- snmp-server vacm view
- snmp-server vacm group
- snmp-server user
- snmp-server target
- snmp-server filter
- show snmp users
- show snmp target
- show snmp filter
- show snmp
- show snmp vacm view
- show snmp vacm group
- Flash/File Commands
- RADIUS Client Commands
- 802.1X Authentication Commands
- MAC Address Authentication Commands
- Filtering Commands
- Spanning Tree Commands
- bridge stp service
- bridge stp br-conf forwarding-delay
- bridge stp br-conf hello-time
- bridge stp br-conf max-age
- bridge stp br-conf priority
- bridge stp port-conf interface
- bridge-link path-cost
- bridge-link port- priority
- vap (STP Interface)
- path-cost (STP Interface)
- port-priority (STP Interface)
- bridge mac-aging
- show bridge stp
- show bridge br-conf
- show bridge port-conf interface
- show bridge status
- show bridge forward address
- show bridge mac- aging
- WDS Bridge Commands
- Ethernet Interface Commands
- Wireless Interface Commands
- interface wireless
- vap
- a-mpdu
- a-msdu
- channel
- transmit-power
- min-allowed-rate
- disable-coexist
- make-rf-setting- effective
- preamble
- short-guard-interval
- beacon-interval
- dtim-period
- rts-threshold
- ssid
- closed-system
- max-client
- max-association
- client-assoc-preempt
- assoc-timeout- interval
- auth-timeout-interval
- multicast-enhance
- shutdown (VAP)
- interfere-chan- recover
- antenna-chain
- long-distance
- long-distance reference-data
- long-distance slottime
- long-distance acktimeout
- long-distance ctstimeout
- bandwidth-control downlink
- bandwidth-control downlink rate
- bandwidth-control uplink
- bandwidth-control uplink rate
- show interface wireless
- show station
- show station statistics
- Wireless Security Commands
- Rogue AP Detection Commands
- Link Integrity Commands
- Link Layer Discovery Commands
- VLAN Commands
- WMM Commands
- QoS Commands
- Appendices
- Index of CLI Commands
- Index
Chapter 25
| Wireless Security Commands
– 233 –
wpa2-psk - Clients using WPA2 with a Pre-shared Key are accepted for
authentication.
wpa-wpa2-mixed - Clients using WPA or WPA2 are accepted for
authentication.
wpa-wpa2-psk-mixed - Clients using WPA or WPA2 with a Pre-shared Key
are accepted for authentication
Default Setting
open-system
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
◆ The auth command automatically configures settings for each authentication
type, including encryption, 802.1X, and cipher suite. The command auth open-
system disables encryption and 802.1X.
◆ To use WEP shared-key authentication, set the authentication type to “shared-
key” and define at least one static WEP key with the key command. Encryption
is automatically enabled by the command.
◆ To use WEP encryption only (no authentication), set the authentication type to
“open-system.” Then enable WEP with the encryption command, and define at
least one static WEP key with the key command.
◆ When any WPA or WPA2 option is selected, clients are authenticated using
802.1X via a RADIUS server. Each client must be WPA-enabled or support
802.1X client software. The 802.1X settings (see “802.1X Authentication
Commands” on page 173) and RADIUS server details (see “RADIUS Client
Commands” on page 167) must be configured on the access point. A RADIUS
server must also be configured and be available in the wired network.
◆ If a WPA/WPA2 mode that operates over 802.1X is selected (WPA, WPA2, WPA-
WPA2-mixed, or WPA-WPA2-PSK-mixed), the 802.1X settings (see “802.1X
Authentication Commands” on page 173) and RADIUS server details (see
“RADIUS Client Commands” on page 167) must be configured. Be sure you
have also configured a RADIUS server on the network before enabling
authentication. Also, note that each client has to be WPA-enabled or support
802.1X client software. A RADIUS server must also be configured and be
available in the wired network.
◆ If a WPA/WPA2 Pre-shared Key mode is selected (WPA-PSK, WPA2-PSK or WPA-
WPA2-PSK-mixed), the key must first be generated and distributed to all
wireless clients before they can successfully associate with the access point.
Use the wpa-preshared-key command to configure the key (see “key” on
page 235 and “transmit-key” on page 236).