
Chapter 6 Configuring WLANs
Configuring Wireless LANs
IKE Authentication
IPSec IKE (Internet Key Exchange) uses
•config wlan security ipsec ike authentication certificates
–Use the certificates option to specify RSA signatures.
•config wlan security ipsec ike authentication
–Use the
–For key, enter a
•config wlan security ipsec ike authentication
•Enter show wlan to verify that IPSec IKE is enabled.
IKE Diffie-Hellman Group
IPSec IKE uses
•config wlan security ipsec ike DH-Group wlan-id group-id
–For
•Enter show wlan to verify that IPSec IKE DH group is configured.
IKE Phase 1 Aggressive and Main Modes
IPSec IKE uses the Phase 1 Aggressive (faster) or Main (more secure) mode to set up encryption between clients and the controller. Enter these commands to specify the Phase 1 encryption mode for a wireless LAN with IPSec enabled:
•config wlan security ipsec ike phase1 {aggressive main}
•Enter show wlan to verify that the Phase 1 encryption mode is configured.
IKE Lifetime Timeout
IPSec IKE uses its timeout to limit the time that an IKE key is active. Enter these commands to configure an IKE lifetime timeout:
•config wlan security ipsec ike lifetime wlan-id seconds
–For seconds, enter a number of seconds from 1800 to 345600 seconds. The default timeout is 28800 seconds.
•Enter show wlan to verify that the key timeout is configured.
Cisco Wireless LAN Controller Configuration Guide
|
| ||
|
|