for
-
Note: One unique WEP Key Index can be applied to each WLAN. Because there are only four
Dynamic WPA Keys and Encryption
Cisco Wireless LAN Controllers can only control WPA
•Use the show wlan <wlan id> command to check the security settings of each WLAN. The default is 802.1X with dynamic keys enabled.
•If you want to configure the
>config wlan security 802.1X disable <wlan id>
where <wlan id> = 1 through 16.
•Then configure authorization and dynamic key exchange on 802.1X disabled WLANs using the following commands:
>config wlan security wpa | enable <wlan id> | |
>config wlan security wpa | encryption | |
>config wlan security | wpa | encryption tkip <wlan id> |
>config wlan security | wpa | encryption wep <wlan id> [40/104/128] |
where <wlan id> = 1 through 16, and [40/104/128] = 40/64, 104/128, or 128/156 encryption bits (default = 104).
•Use the show wlan command to verify that you have WPA enabled.
Layer 3 Security
Note: WLANs are created in disabled mode; leave them disabled until you have finished configuring them.
Note: Using Layer 3 security requires that the Cisco 4100 Series Wireless LAN Controller be equipped with an VPN/Enhanced Security Module (Crypto Module). The module plugs into the rear of the Cisco 4100 Series Wireless LAN Controller, and provides the extra processing power needed for
IPSec
IPSec (Internet Protocol Security) supports many Layer 3 security protocols.
•Use the show wlan command to show the current IPSec configuration.
•Use the following command to enable IPSec on a WLAN:
>config wlan security ipsec [enable/disable] <WLAN id>
where <WLAN id> = 1 through 16.
•Use the show wlan command to verify that you have IPSec enabled.
5/26/05 | Local MAC Filter |
|
