Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
Chapter 11 Configuring Authentication Types
Configuring Authentication Types
Step 6 authentication key-management {[wpa [version versionnumber]] | [cckm]} [optional]
(Optional) Set the authentication type for the SSID to WPA,
CCKM, or both. If you use the optional keyword, client
devices other than WPA (WPAv1 or WPAv2) and CCKM
clients can use this SSID. If you do not use the optional
keyword, only WPA (WPAv1 or WPAv2) or CCKM client
devices are allowed to use the SSID.
To enable CCKM for an SSID, you must also enable a form of
EAP authentication (Open with EAP and/or Network EAP).
When CCKM and EAP are enabled for an SSID, client devices
using LEAP, EAP-FAST, PEAP/GTC, MSPEAP, EAP-TLS,
and EAP-FAST authenticate using the SSID, and can benefit
from fast roaming using CCKM.
To enable WPA key management for an SSID (with WPAv1 or
WPAv2), you must also enable Open authentication with EAP
or Network-EAP or both (with or without additional MAC
authentication). In that case, each client is authenticated
individually using EAP, and an individual Pairwise Master
Key is defined for each client. Alternatively, you can enable
Open authentication and define a WPA pre-shared key. In that
case, the AP and the wireless client use the pre-shared key as
the Pairwise Master Key (PMK).
Note When you enable both WPA and CCKM for an SSID
from the CLI, you must enter WPA first and CCKM
second (but from the WebUI, simply check both
options). Any WPA client can attempt to authenticate,
but only CCKM voice clients can attempt to
authenticate.
Note Before you can enable CCKM or WPA, you must set
the encryption mode for the SSID's VLAN to one of the
cipher suite options. See Chapter 10, “Configuring
Encryption Modes,” for instructions on configuring the
VLAN encryption mode.
Note If you enable WPA for an SSID without a pre-shared
key, the key management type is WPA. If you enable
WPA with a pre-shared key, the key management type
is WPA-PSK. See the “Configuring Additional WPA
Settings” section for instructions on configuring a
pre-shared key.
See Chapter 12, “Configuring WDS, Fast Secure Roaming,
Radio Management, and Wireless Intrusion Detection
Services,” for detailed instructions on setting up your wireless
LAN to use CCKM and a subnet context manager.
(Optional) When using WPA, you can specify which WPA
version you want to support – WPAv1 or WPAv2.
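The prerequisites that Step 6 attaches to authentication key-management can be checked against a saved configuration. The following is an added example, not part of the Cisco guide: the audit function is hypothetical, the sample configuration is constructed (SSID names, VLAN numbers, the EAP list name, and the key are placeholders), and it assumes every SSID is mapped to a VLAN whose cipher is set with an "encryption vlan" line.

```python
import re

# Constructed sample config, not from the guide; names, VLANs and key are placeholders.
SAMPLE = """\
interface Dot11Radio0
 encryption vlan 10 mode ciphers aes-ccm
!
dot11 ssid CORP
 vlan 10
 authentication open eap eap_methods
 authentication key-management wpa version 2
!
dot11 ssid VOICE
 vlan 20
 authentication open
 authentication key-management wpa cckm optional
!
dot11 ssid GUEST
 vlan 10
 authentication open
 authentication key-management wpa
 wpa-psk ascii 0 EXAMPLE-PLACEHOLDER-KEY
"""

def audit(config):
    """Return {ssid: [findings]} for SSIDs that set authentication key-management."""
    # VLANs that already have a cipher suite (prerequisite for WPA and CCKM).
    cipher_vlans = set(re.findall(r"^ encryption vlan (\d+) mode ciphers", config, re.M))
    findings = {}
    for name, body in re.findall(r"^dot11 ssid (\S+)\n((?: .*\n?)*)", config, re.M):
        km = re.search(r"^ authentication key-management (.+)$", body, re.M)
        if not km:
            continue  # SSID does not use WPA or CCKM key management
        words = km.group(1).split()
        vlan = re.search(r"^ vlan (\d+)", body, re.M)
        eap = bool(re.search(r"^ authentication (open eap|network-eap) ", body, re.M))
        psk = bool(re.search(r"^ wpa-psk ", body, re.M))
        out = []
        if not vlan or vlan.group(1) not in cipher_vlans:
            out.append("no cipher suite on the SSID's VLAN")
        if "cckm" in words and not eap:
            out.append("CCKM without EAP authentication")
        if "wpa" in words and not (eap or psk):
            out.append("WPA without EAP or a pre-shared key")
        if "cckm" in words and "wpa" in words and words.index("cckm") < words.index("wpa"):
            out.append("CCKM entered before WPA")
        if "optional" in words:
            out.append("optional keyword admits non-WPA/CCKM clients")
        findings[name] = out
    return findings
```

For the constructed sample, CORP and GUEST produce no findings, while VOICE is flagged for a missing cipher suite, missing EAP for both CCKM and WPA, and the optional keyword.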
Command Purpose