11-22
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-29225-01
Chapter11 Configuring Authentication Types
Guest Access Management
Guest Access ManagementGuest Access allows a guest to gain access to the Internet, and the guest’s own enterprise without
compromising the security of the host enterprise.
EAP-MD5 authentication
If using ACU to
configure card
Create a WEP key, enable Host
Based EAP, and enable Use Static
WEP Keys in ACU and select
Enable network access control
using IEEE 802.1X and
MD5-Challenge as the EAP Type
in Windows 2000 (with Service
Pack 3) or Windows XP
Set up and enable WEP and enable
EAP and Open authentication for
the SSID
If using Windows XP
to configure card
Select Enable network access
control using IEEE 802.1X and
MD5-Challenge as the EAP Type
Set up and enable WEP and enable
EAP and Open Authentication for
the SSID
PEAP authentication
If using ACU to
configure card
Enable Host Based EAP and Use
Dynamic WEP Keys in ACU and
select Enable network access
control using IEEE 802.1X and
PEAP as the EAP Type in Windows
2000 (with Service Pack 3) or
Windows XP
Set up and enable WEP and enable
EAP and Open authentication for
the SSID
If using Windows XP
to configure card
Select Enable network access
control using IEEE 802.1X and
PEAP as the EAP Type
Set up and enable WEP and enable
Require EAP and Open
Authentication for the SSID
EAP-SIM authentication
If using ACU to
configure card
Enable Host Based EAP and Use
Dynamic WEP Keys in ACU and
select Enable network access
control using IEEE 802.1X and
SIM Authentication as the EAP
Type in Windows 2000 (with
Service Pack 3) or Windows XP
Set up and enable WEP with full
encryption and enable EAP and
Open authentication for the SSID
If using Windows XP
to configure card
Select Enable network access
control using IEEE 802.1X and
SIM Authentication as the EAP
Type
Set up and enable WEP with full
encryption and enable Require EAP
and Open Authentication for the
SSID
1. Some non-Cisco Aironet client adapters do not perform 802.1X authentication to the access point unless you configure
Open authentication with EAP. To allow both Cisco Aironet clients using LEAP and non-Cisco Aironet clients using LEAP
to associate using the same SSID, you might need to configure the SSID for both Network EAP authentication and
Open authentication with EAP. Likewise, to allow both Cisco Aironet 802.11a/b/g client adapters (CB21AG and PI21AG)
running EAP-FAST and non-Cisco Aironet clients using EAP-FAST or LEAP to associate using the same SSID, you might
need to configure the SSID for both Network EAP authentication and Open authentication with EAP.
Table11-2 Client and Access Point Security Settings (continued)
Security Feature Client Setting Access Point Setting