11-10
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-11350-01
Chapter11 Configuring Authentication Types
Configuring Authentication Types
Note When you configure TKIP-only cipher encryption (not TKIP + WEP 128 or TKIP + WEP 40) on any
radio interface or VLAN, every SSID on that radio or VLAN must be set to use WPA or CCKM key
management. If you configure TKIP on a radio or VLAN but you do not configure key management on
the SSIDs, client authentication fails on the SSIDs.
Configuring Authentication Types
This section describes how to configure authentication types. You attach configuration types to the
access point’s SSIDs. See Chapter7, “Configuring Multiple SSIDs,” for details on setting up multiple
SSIDs. This section contains these topics:
Assigning Authentication Types to an SSID, page11-10
Configuring Authentication Holdoffs, Timeouts, and Intervals, page11-16
Creating and Applying EAP Method Profiles for the 802.1X Supplicant, page11-17
Note There are no default authentication SSIDs for the wireless router.

Assigning Authentication Types to an SSID

Beginning in privileged EXEC mode, follow these steps to configure authentication types for SSIDs:
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 dot11 ssid ssid-string Create an SSID and enter SSID configuration mode for the new
SSID. The SSID can consist of up to 32 alphanumeric
characters. SSIDs are case sensitive.
The SSID can consist of up to 32 alphanumeric, case-sensitive,
characters.
The first character cannot contain the following characters:
Exclamation point (!)
Pound sign (#)
Semicolon (;)
The following characters are invalid and cannot be used in an
SSID:
Plus sign (+)
Right bracket (])
Front slash (/)
Quotation mark (")
Tab
Trailing spaces