4-24

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-11350-01
Chapter4 Configuring the Access Point for the First Time
Configuring Basic Security Settings
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
bridge-group 20 spanning-disabled
Example: EAP Authentication

This example shows part of the configuration that results from using the Express Security page to create

an SSID called eap_ssid, excluding the SSID from the beacon, and assigning the SSID to VLAN 30:

Note The following warning message appears if your radio clients are using EAP-FAST and you don’t include

open authentication with EAP as part of the configuration:

SSID CONFIG WARNING: [SSID]: If radio clients are using EAP-FAST, AUTH OPEN with EAP

should also be configured.

dot11 ssid eap_ssid
vlan 30
authentication open eap eap_methods
authentication network-eap eap_methods
!
interface Dot11Radio0/1
no ip address
no ip route-cache
!
encryption vlan 30 mode wep mandatory
!
ssid eap_ssid
!
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0
rts threshold 2312
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0/1.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
bridge-group 30 spanning-disabled
!
interface Dot11Radio0/1
no ip address
no ip route-cache
!
encryption vlan 30 mode wep mandatory
!
ssid eap_ssid
!
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
rts threshold 2312
station-role root