To remove a VLAN assignment from a WLAN, use the following command:

>config wlan vlan <WLAN id> untagged

where <WLAN id> = 1 through 16.

Use the show wlan <wlan id> command to verify that you have correctly assigned a VLAN to the WLAN.

Layer 2 Security

Note: WLANs are created in disabled mode; leave them disabled until you have finished configuring them.

Dynamic 802.1X Keys and Authorization

Cisco Wireless LAN Controllers can control 802.1X dynamic keys using EAP (Extensible Authentication Protocol) across Cisco 1000 Series lightweight access points, and support 802.1X dynamic key settings for Cisco 1000 Series lightweight access point WLANs.

Use the show wlan <wlan id> command to check the security settings of each WLAN. The default for new WLANs is 802.1X with dynamic keys enabled. If you want to keep a robust Layer 2 policy, leave 802.1X on.

If you want to change the 802.1X configuration, use the following commands:

>config wlan security 802.1X [enable/disable] <wlan id>

where <wlan id> = 1 through 16.

If you want to change the 802.1X encryption for a Cisco 1000 Series lightweight access point WLAN, use the following command:

>config wlan security 802.1X encryption <wlan id> [40/104/128]

where <wlan id> = 1 through 16, and [40/104/128] = 40/64, 104/128 (default) or 128/152 encryption bits.

WEP Keys

Cisco Wireless LAN Controllers can control WEP keys across Cisco 1000 Series lightweight access points.

Use the show wlan <wlan id> command to check the security settings of each WLAN. The default is 802.1X with dynamic keys enabled.

If you want to configure the less-robust WEP (Wired Equivalent Privacy) authorization policy, turn 802.1X off:

>config wlan security 802.1X disable <wlan id>

where <wlan id> = 1 through 16.

Then configure 40/64, 104/128 or 128/152 bit WEP keys on 802.1X-disabled WLANs using the following command:

>config wlan security static-wep-key encryption <wlan id> [40/104/128] [hex/ascii] <key> <key-index>

where:

-<wlan id> = 1 through 16;

-[hex/ascii] = key character format;

-<key> = Ten hexadecimal digits (any combination of 0-9, a-f, or A-F), or five printable ASCII characters for 40-bit/64-bit WEP keys, 26 hexadecimal or 13 ASCII characters

5/26/05

Local MAC Filter

OL-7426-03

 
