Chapter 6 Configuring WLANs

Configuring Wireless LANs

If you want to change the 802.1X encryption level for a wireless LAN, use this command: config wlan security 802.1X encryption wlan-id[40 104 128]

Use the 40 option to specify 40/64-bit encryption.

Use the 104 option to specify 104/128-bit encryption. (This is the default encryption setting.)

Use the 128 option to specify 128/152-bit encryption.

WEP Keys

Cisco Wireless LAN Controllers can control static WEP keys across access points. Use these commands to configure static WEP for wireless LANs:

Enter this command to disable 802.1X encryption: config wlan security 802.1X disable wlan-id

Enter this command to configure 40/64, 104/128, or 128/152-bit WEP keys:

config wlan security static-wep-key encryption wlan-id{40 104 128} {hex ascii} key key-index

Use the 40, 104, or 128 options to specify 40/64-bit, 104/128-bit, or 128/152-bit encryption. The default setting is 104/128.

Use the hex or ascii option to specify the character format for the WEP key.

Enter 10 hexadecimal digits (any combination of 0-9, a-f, or A-F) or five printable ASCII characters for 40-bit/64-bit WEP keys; enter 26 hexadecimal or 13 ASCII characters for

104-bit/128-bit keys; enter 32 hexadecimal or 16 ASCII characters for 128-bit/152-bit keys.

Enter a key index (sometimes called a key slot) 1 through 4.

Note One unique WEP key index must be applied to each wireless LAN that uses static WEP. Because there are only four key indexes, only four wireless LANs can be configured for static WEP Layer 2 encryption. Also note that some legacy clients can only access key index 1 through 3 but cannot access key index 4.

Dynamic WPA Keys and Encryption

Cisco Wireless LAN Controllers can control WPA (Wi-Fi Protected Access) across access points. Enter these commands to configure WPA for a wireless LAN:

Enter this command to disable 802.1X encryption: config wlan security 802.1X disable wlan-id

Enter these commands to configure authorization and dynamic key exchange on a wireless LAN:

config wlan security wpa enable wlan-id

config wlan security wpa encryption aes-ocb wlan-id

config wlan security wpa encryption tkip wlan-id

config wlan security wpa encryption wep wlan-id{40 104 128}

Enter show wlan to verify that you have WPA enabled.

Cisco Wireless LAN Controller Configuration Guide

 

OL-8335-02

6-5

 

 

 

Page 130 Page 132
Page 131
Image 131
Cisco Systems 3.2 manual WEP Keys, Dynamic WPA Keys and Encryption
Page 130 Page 132
Top Page Image Contents