11-15
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
Chapter11 Configuring Authentication Types
Configuring Authentication Types
This example shows how to configure a pre-shared key for clients using WPA and static WEP, with group
key update options:
ap# configure terminal
ap(config-if)# ssid batman
ap(config-ssid)# wpa-psk ascii batmobile65
ap(config)# interface dot11radio 0
ap(config-ssid)# ssid batman
ap(config-if)# exit
ap(config)# broadcast-key vlan 87 membership-termination capability-change
Configuring MAC Authentication Caching
If MAC-authenticated clients on your wireless LAN roam frequently, you can enable a MAC
authentication cache on your access points. MAC authentication caching reduces overhead because the
access point authenticates devices in its MAC-address cache without sending the request to your
authentication server. When a client device completes MAC authentication to your authentication server,
the access point adds the client’s MAC address to the cache.
Beginning in privileged EXEC mode, follow these steps to enable MAC authentication caching:
Step4 interface dot11radio { 0 | 1 } Enter interface configuration mode for the radio interface.
The 2.4-GHz radio and the 2.4-GHz 802.11n radio is 0.
The 5-GHz radio and the 5-GHz 802.11n radio is 1.
Step5 ssid ssid-string Enter the ssid defined in Step 2 to assign the ssid to the selected
radio interface.
Step6 exit Return to privileged EXEC mode.
Step7 broadcast-key [ vlan vlan-id ]
{ change seconds }
[ membership-termination ]
[ capability-change ]
Use the broadcast key rotation command to configure
additional updates of the WPA group key.
Step8 copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 dot11 aaa authentication
mac-authen filter-cache [timeout
seconds]
Enable MAC authentication caching on the access point.
Use the timeout option to configure a timeout value for MAC
addresses in the cache. Enter a value from 30 to 65555 seconds.
The default value is 1800 (30 minutes). When you enter a
timeout value, MAC-authentication caching is enabled
automatically.
Step3 exit Return to privileged EXEC mode.
Step4 show dot11 aaa authentication
mac-authen filter-cache [address]
Show entries in the MAC-authentication cache. Include client
MAC addresses to show entries for specific clients.
Step5 clear dot11 aaa authentication
mac-authen filter-cache [address]
Clear all entries in the cache. Include client MAC addresses to
clear specific clients from the cache.