11-22
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
Chapter11 Configuring Authentication Types
Matching Access Point and Client Device Authentication Types
802.1X authentication and
CCKM
Enable LEAP Select a cipher suite and enable
Open with EAP and/or Network
EAP, and CCKM for the SSID.
Note To allow both 802.1X
clients and non-802.1X
clients to use the SSID,
enable optional CCKM.
802.1X authentication and
WPA
Enable any 802.1X authentication
method
Select a cipher suite and enable
Open with EAP and WPA for the
SSID (you can also enable
Network-EAP authentication in
addition to or instead of Open with
EAP)
Note To allow both WPA clients
and non-WPA clients to use
the SSID, enable optional
WPA.
802.1X authentication and
WPA-PSK
Enable any 802.1X authentication
method
Select a cipher suite and enable
Open authentication with Optional
EAP and WPA for the SSID (you
can also enable Network-EAP
authentication in addition to or
instead of Open authentication with
Optional EAP). Enter a WPA
pre-shared key.
Clients using 802.1x/EAP will
generate individual WPA PMKs.
Clients using WPA-PSK will use
the PSK as a PMK.
Note To allow both WPA clients
and non-WPA clients to use
the SSID, enable optional
WPA.
EAP-TLS authentication with dynamic WEP encryption
If using Windows to
configure card
Select Enable network access
control using IEEE 802.1X and
Smart Card or other Certificate as
the EAP Type
Set up and enable WEP and enable
EAP and Open with EAP for the
SSID
EAP-MD5 authentication with dynamic WEP encryption
If using Windows XP
to configure card
Select Enable network access
control using IEEE 802.1X and
MD5-Challenge as the EAP Type
Set up and enable WEP and enable
EAP and Open Authentication for
the SSID
Table11-1 Client and Access Point Security Settings (continued)
Security Feature Client Setting Access Point Setting