19-8
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
Chapter19 Configuring Repeater and Standby Access Points and Wo rkgroup Bridge Mode
Aligning Antennas
Setting Up a Repeater As a EAP-FAST Client
You can set up a repeater access point to authenticate to your network like other wireless client devices.
After you provide a network username and password for the repeater access point, it can authenticate to
your network, through the root AP, using user credentials.
Setting up a repeater as a EAP-FAST, or other 802.1x/EAP authentication-method client requires three
major steps:
1. Create an authentication username and password for the repeater on your authentication server.
2. Configure the authentication method to be supported on the root access point to which the repeater
associates. The access point to which the repeater associates is called the parent access point. See
Chapter 11, “Configuring Authentication Types,” for instructions on setting up authentication.
Note On the repeater access point, you must enable the same cipher suite or WEP encryption
method and WEP features that are enabled on the parent access point.
3. Configure the repeater to act as a 802.1x/EAP client for the chosen method. The following example
shows EAP-FAST configuration:
Command Purpose
Step1 eap profile profile-name Enter the name of a profile, that will be used by the repeater to
determine which authentication method should be used.
Step2 method fast Configure EAP-FAST as the method to be used.
Step3 dot1x credentials name Configure user credentials that the repeater will use to
authenticate to the wireless infrastructure.
Step4 username user-name Configure a username within the dot1x credentials.
Step5 password 0 password Configure the password to use when the repeater will authenticate
to the infrastructure.
Step6 exit Return to privileged EXEC mode.
Step7 dot11 ssid ssid-name Create a new SSID.
Step8 authentication open eap
eap_methods
Allow Open+ EAP authentication (EAP-FAST or other).
Step9 authentication network-eap
eap_methods
Allow LEAP authentication. LEAP is not the method of choice in
this example, but LEAP is the default method. You need to enable
LEP to trigger the 802.1x/EAP process. The EAP profile will
determine which method should actually be used.
Step10 authentication key-management
wpa version 2
Set key management to WPA version 2.
Step11 dot1x credentials name Use the dot1x credentials created in for when the repeater
authenticates to the wireless infrastructure. The credentials
defined in the dot1x credentials profile will be used.
Step12 dot1x eap profile EAP-only Use the EAP-only profile created above for when the repeater
authenticates to the wireless infrastructure. The method defined
in the eap profile, EAP-FAST in this example, will be used