Cisco Systems OL-6415-04

6-11

Cisco Wireless ISR and HWIC Access Point Configuration Guide

OL-6415-04

Chapter 6 Configuring Authentication Types

Configure Authentication Types

Step 4 authentication shared

[mac-address list-name]

[eap list-name]

(Optional) Set the authentication type for the SSID to shared

key.

Note Because of shared key's security flaws, Cisco

recommends that you avoid using it.

Note You can assign shared key authentication to only one

SSID.

• (Optional) Set the SSID’s authentication type to shared key

with MAC address authentication. For list-name, specify

the authentication method list.

• (Optional) Set the SSID’s authentication type to shared key

with EAP authentication. For list-name, specify the

authentication method list.

Step 5 authentication network-eap

list-name

[mac-address list-name]

(Optional) Set the authentication type for the SSID to

Network-EAP. Using the Extensible Authentication Protocol

(EAP) to interact with an EAP-compatible RADIUS server, the

access point helps a wireless client device and the RADIUS

server to perform mutual authentication and derive a dynamic

unicast WEP key. However, the access point does not force all

client devices to perform EAP authentication.

• (Optional) Set the SSID’s authentication type to

Network-EAP with MAC address authentication. All client

devices that associate to the access point are required to

perform MAC-address authentication. For list-name,

specify the authentication method list.

Step 6 authentication key-management

{ [wpa]} [ optional ]

(Optional) Set the authentication type for the SSID to WPA. If

you use the optional keyword, client devices other than WPA

clients can use this SSID. If you do not use the optional

keyword, only WPA client devices are allowed to use the SSID.

When Network EAP is enabled for an SSID, client devices

using LEAP, EAP-FAST, PEAP/GTC, MSPEAP, and EAP-TLS

can authenticate using the SSID.

To enable WPA for an SSID, you must also enable Open

authentication or Network-EAP or both.

Note Before you can enable WPA, you must set the

encryption mode for the SSID’s VLAN to one of the

cipher suite options. See the “Configure Encryption

Types” section on page 5-3 for instructions on

configuring the VLAN encryption mode.

Note If you enable WPA for an SSID without a pre-shared

key, the key management type is WPA. If you enable

WPA with a pre-shared key, the key management type

is WPA-PSK. See the “Configuring Additional WPA

Settings” section on page 6-13 for instructions on

configuring a pre-shared key.

Command Purpose