Chapter 8 Security Setup

Setting Up EAP Authentication

Step 6 Enter the shared secret used by your RADIUS server in the Shared Secret entry field. The shared secret on the access point must match the shared secret on the RADIUS server. The shared secret can contain up to 64 alphanumeric characters.

Step 7 Enter the number of seconds the the access point should wait before authentication fails in the Retran Int (sec) field.

Step 8 Enter the number of times the access point should attempt to contact the primary server before giving up in the Max Retran field.

Step 9 Select EAP Authentication under the server. The EAP Authentication check box designates the server as an authenticator for any EAP type, including LEAP, PEAP, EAP-TLS, EAP-SIM, and EAP-MD5.

Step 10 Click OK. You return automatically to the Security Setup page.

Step 11 On the Security Setup page, click Radio Data Encryption (WEP) to browse to the AP Radio Data Encryption page (Figure 8-6).

Step 12 Select Network-EAPfor the Authentication Type setting to allow EAP-enabled client devices to authenticate through the access point.

a.For LEAP authentication only, select Network-EAPand deselect the Open and Shared check boxes.

b.To allow LEAP and Static WEP authentication, select Network-EPand the Open and Shared check boxes.

c.For other authentication types (EAP-TLS, MD5) select Require EAP and the Open and Shared check box, as appropriate.

Note When you select Require EAP, you block client devices that are not using EAP from authenticating through this access point radio.

Table 8-4lists the access point settings that provide authentication for various client devices.

Table 8-4 Access Point EAP Settings for Various Client Configurations

Access Point Configuration

Client Devices Allowed to Authenticate

 

 

Network-EAP authentication

Client devices with LEAP enabled

 

Repeater access points with LEAP

 

enabled

 

 

Open authentication with

Client devices with EAP enabled

Require EAP check box

Cisco Aironet devices with EAP-TLS or

selected

EAP-MD5 enabled through Windows XP

 

 

Note Selecting Require EAP on the access

 

point blocks non-EAP client devices

 

from using the access point.

 

 

Step 13 Check that a WEP key has been entered in key slot 1. If a WEP key has been set up in slot 1, skip to Step 17. If no WEP key has been set up, proceed to Step 14.

Note You can use EAP without enabling WEP, but packets sent between the access point and the client device will not be encrypted. To maintain secure communications, use WEP at all times.

Cisco Aironet 1200 Series Access Point Software Configuration Guide

 

OL-2159-05

8-17

 

 

 

Page 179
Image 179
Cisco Systems DL-2159-05 manual Access Point EAP Settings for Various Client Configurations