Cisco Systems OL-6415-04 - page 106

6-18

Cisco Wireless ISR and HWIC Access Point Configuration Guide

OL-6415-04

Chapter 6 Configuring Authentication Types

Matching Access Point and Client Device Authentication Types

EAP-MD5 authentication

If using ACU to

configure card

Create a WEP key, enable Host

Based EAP, and enable Use Static

WEP Keys in ACU and select

Enable network access control

using IEEE 802.1X and

MD5-Challenge as the EAP Type

in Windows 2000 (with Service

Pack 3) or Windows XP

Set up and enable WEP and enable

EAP and Open authentication for

the SSID

If using Windows XP

to configure card

Select Enable network access

control using IEEE 802.1X and

MD5-Challenge as the EAP Type

Set up and enable WEP and enable

EAP and Open Authentication for

the SSID

PEAP authentication

If using ACU to

configure card

Enable Host Based EAP and Use

Dynamic WEP Keys in ACU and

select Enable network access

control using IEEE 802.1X and

PEAP as the EAP Type in Windows

2000 (with Service Pack 3) or

Windows XP

Set up and enable WEP and enable

EAP and Open authentication for

the SSID

If using Windows XP

to configure card

Select Enable network access

control using IEEE 802.1X and

PEAP as the EAP Type

Set up and enable WEP and enable

Require EAP and Open

Authentication for the SSID

EAP-SIM authentication

If using ACU to

configure card

Enable Host Based EAP and Use

Dynamic WEP Keys in ACU and

select Enable network access

control using IEEE 802.1X and

SIM Authentication as the EAP

Type in Windows 2000 (with

Service Pack 3) or Windows XP

Set up and enable WEP with full

encryption and enable EAP and

Open authentication for the SSID

If using Windows XP

to configure card

Select Enable network access

control using IEEE 802.1X and

SIM Authentication as the EAP

Type

Set up and enable WEP with full

encryption and enable Require EAP

and Open Authentication for the

SSID

1.

Table 6-2 Client and Access Point Security Settings (continued)

Security Feature Client Setting Access Point Setting

Contents

Main Page CONTENTS Page Page Page Page Page Preface Audience Purpose Organization Conventions Page Related Publications Obtaining Documentation Cisco.com Product Documentation DVD Ordering Documentation Documentation Feedback Cisco Product Security Overview Reporting Security Problems in Cisco Products Obtaining Technical Assistance Cisco Technical Support & Documentation Website Submitting a Service Request Definitions of Service Request Severity Obtaining Additional Publications and Information Page Overview Wireless Device Management Network Configuration Example Root Unit on a Wired LAN Features Page Page Page Configuring Radio Settings Enabling the Radio Interface Roles in Radio Network Configuring Network or Fallback Role 2-4 Bridge Features Not Supported Sample Bridging Configuration The following is a sample of a Root Bridge Configuration: 2-5 The following is a sample of Non-Root Bridge Configuration: 2-6 Universal Client Mode Configuring Universal Client Mode Page 2-9 Configuring Radio Data Rates Page Configuring Radio Transmit Power Limiting the Power Level for Associated Client Devices Configuring Radio Channel Settings Page Page Page Page DFS Automatically Enabled on Some 5-GHz Radio Channels Confirming that DFS is Enabled Blocking Channels from DFS Selection Enabling and Disabling World Mode Enabling and Disabling Short Radio Preambles Configuring Transmit and Receive Antennas Disabling and Enabling Access Point Extensions Configuring the Ethernet Encapsulation Transformation Method Enabling and Disabling Reliable Multicast to Workgroup Bridges Enabling and Disabling Public Secure Packet Forwarding Configuring Protected Ports Configuring Beacon Period and DTIM Configuring RTS Threshold and Retries Configuring Maximum Data Retries Configuring Fragmentation Threshold Enabling Short Slot Time for 802.11g Radios Performing a Carrier Busy Test Page Configuring Multiple SSIDs Understanding Multiple SSIDs SSID Configuration Methods Supported by Cisco IOS Releases Configuring Multiple SSIDs Creating an SSID Globally Page Viewing SSIDs Configured Globally Using Spaces in SSIDs Using a RADIUS Server to Restrict SSIDs Configuring Multiple Basic SSIDs Requirements for Configuring Multiple BSSIDs Guidelines for Using Multiple BSSIDs CLI Configuration Example Displaying Configured BSSIDs Enabling MBSSID and SSIDL at the same time 3-8 Use the no form of the command to disable SSIDL IEs. Sample Configuration for Enabling MBSSID and SSIDL Below is a sample configuration for enabling MBSSID: Below is a sample configuration for enabling SSIDL: 3-9 Page Configuring an Access Point as a Local Authenticator Understand Local Authentication Configure a Local Authenticator Guidelines for Local Authenticators Configuration Overview Configuring the Local Authenticator Access Point Page Page 4-6 This example shows how to set up EAP-FAST authentication: 4-7 Configuring Other Access Points to Use the Local Authenticator Configuring EAP-FAST Settings Configuring PAC Settings PAC Expiration Times Generating PACs Manually Configuring an Authority ID Configuring Server Keys Possible PAC Failures Caused by Access Point Clock Limiting the Local Authenticator to One Authentication Type Unblocking Locked Usernames Viewing Local Authenticator Statistics Using Debug Messages Configuring Encryption Types Understand Encryption Types Configure Encryption Types Creating WEP Keys WEP Key Restrictions Example WEP Key Setup Creating Cipher Suites Cipher Suites Compatible with WPA Enabling and Disabling Broadcast Key Rotation Security Type in Universal Client Mode Universal client configuration Page 5-11 Page Configuring Authentication Types Understand Authentication Types Open Authentication to Access Point Shared Key Authentication to Access Point EAP Authentication to Network MAC Address Authentication to the Network Combining MAC-Based, EAP, and Open Authentication Using WPA Key Management Page Software and Firmware Requirements for WPA and WPA-TKIP Configure Authentication Types Assigning Authentication Types to an SSID Page Page Configuring WPA Migration Mode Configuring Additional WPA Settings Setting a Pre-Shared Key Configuring Group Key Updates Configuring MAC Authentication Caching Configuring Authentication Holdoffs, Timeouts, and Intervals Matching Access Point and Client Device Authentication Types Page Page Configuring RADIUS Servers Configuring and Enabling RADIUS Understanding RADIUS RADIUS Operation Configuring RADIUS Default RADIUS Configuration Identifying the RADIUS Server Host Page Configuring RADIUS Login Authentication Page Defining AAA Server Groups Page Configuring RADIUS Authorization for User Privileged Access and Network Services Starting RADIUS Accounting Selecting the CSID Format Configuring Settings for All RADIUS Servers Configuring the Access Point to Use Vendor-Specific RADIUS Attributes Configuring the Access Point for Vendor-Proprietary RADIUS Server Communication Configuring WISPr RADIUS Attributes Displaying the RADIUS Configuration RADIUS Attributes Sent by the Access Point Page Page Configuring VLANs Understanding VLANs Related Documents Incorporating Wireless Devices into VLANs Configuring VLANs Configuring a VLAN Page Assigning Names to VLANs Guidelines for Using VLAN Names Creating a VLAN Name Using a RADIUS Server to Assign Users to VLANs Viewing VLANs Configured on the Access Point VLAN Configuration Example 8-10 Table 8-2 shows the commands needed to configure the three VLANs in this example. Tab l e 8-2 Configuration Commands for VLAN Example Configuring VLAN 1 Configuring VLAN 2 Configuring VLAN 3 Tab l e 8-3 Results of Example Configuration Commands Page Page Configuring QoS Understanding QoS for Wireless LANs QoS for Wireless LANs Versus QoS on Wired LANs Impact of QoS on a Wireless LAN Precedence of QoS Settings Using Wi-Fi Multimedia Mode Configuring QoS Configuration Guidelines Adjusting Radio Access Categories Disabling IGMP Snooping Helper Sample Configuration Using the CLI A Channel Settings IEEE 802.11b (2.4-GHz Band) IEEE 802.11g (2.4-GHz Band) IEEE 802.11a (5-GHz Band) Page Page B Protocol Filters Page Page Page Page Page C Supported MIBs MIB List Using FTP to Access the MIB Files D Error and Event Messages How to Read System Messages Message Traceback Reports Association Management Messages 802.11 Subsystem Messages Page Page Page Page Page Page Page Page Local Authenticator Messages GLOSSARY A B C D E F G I M O P Q S T U W Page INDEX Numerics A B C D E F G I J N O P Q S T V W