IKE Phase 1 Aggressive and Main Modes

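IPSec IKE uses either Phase 1 Aggressive mode (faster) or Main mode (more secure) to set up encryption between clients and the Cisco Wireless LAN Controller. Aggressive mode completes the exchange in fewer messages but does not protect the identities of the peers, which Main mode does.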

Use the show wlan command to see if the Cisco Wireless LAN Controller has IPSec IKE Aggressive mode enabled.

If necessary, use the following command to configure the IKE Aggressive or Main mode on a WLAN with IPSec enabled:

>config wlan security ipsec ike phase1 [aggressive/main] <WLAN id>

where <WLAN id> = 1 through 16.

Use the show wlan command to verify that you have IPSec IKE Aggressive or Main mode enabled.

IKE Lifetime Timeout

IPSec IKE uses its timeout to limit the time that an IKE key is active.

Use the show wlan command to see the current IPSec IKE lifetime timeout.

Use the following command to configure the IKE lifetime on a WLAN with IPSec enabled:

>config wlan security ipsec ike lifetime <WLAN id> <seconds>

where <WLAN id> = 1 through 16, and <seconds> = 1800 through 345600 seconds (default = 28800 seconds).

Use the show wlan command to verify that the IPSec IKE lifetime timeout is properly set.

IPSec Passthrough

IPSec IKE uses IPSec Passthrough to allow IPSec-capable clients to communicate directly with other IPSec equipment. IPSec Passthrough is also known as VPN Passthrough.

Use the show wlan command to see the current IPSec passthrough status.

Use the following command to configure IKE passthrough for a WLAN:

>config wlan security passthru [enable/disable] <WLAN id> [gateway]

where <WLAN id> = 1 through 16, and [gateway] = IP Address of IPSec (VPN) passthrough gateway.

Use the show wlan command to verify that IPSec passthrough is properly set.

Web Based Authentication

WLANs can use Web Authentication if IPSec is not enabled on the Cisco Wireless LAN Controller. Web Authentication is simple to set up and use, and can be used with SSL to improve the overall security of the wireless LAN.

Use the show wlan command to see the current Web Authentication status.

Use the following command to configure Web Authentication for a WLAN:

>config wlan security web [enable/disable] <WLAN id>

where <WLAN id> = 1 through 16.

Use the show wlan command to verify that Web Authentication is properly set.
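
The following is an added example, not part of the Cisco documentation: a Python linter that checks config wlan security command lines against the syntax and ranges given in the sections above before they are entered on the controller. Flagging any Phase 1 mode other than main is a policy assumption based on the statement that Main mode is more secure; the names lint and audit and the sample lines are constructed for illustration.

```python
import ipaddress

WLAN_IDS = range(1, 17)          # page: <WLAN id> = 1 through 16
LIFETIME = range(1800, 345601)   # page: <seconds> = 1800 through 345600

def lint(line):
    """Return findings for one 'config wlan security ...' line (empty list = clean)."""
    tok = line.lstrip("> ").split()
    if tok[:3] != ["config", "wlan", "security"]:
        return ["not a 'config wlan security' command"]
    args, out = tok[3:], []
    if args[:3] == ["ipsec", "ike", "phase1"] and len(args) == 5:
        mode, wlan = args[3], args[4]            # mode comes before the WLAN id
        if mode != "main":                       # assumed policy: require Main mode
            out.append(f"phase1 mode {mode!r} is not main, the more secure mode")
    elif args[:3] == ["ipsec", "ike", "lifetime"] and len(args) == 5:
        wlan, secs = args[3], args[4]            # WLAN id comes before the seconds
        if not (secs.isdecimal() and int(secs) in LIFETIME):
            out.append(f"lifetime {secs!r} outside 1800 through 345600 seconds")
    elif args[:1] in (["passthru"], ["web"]) and len(args) >= 3:
        state, wlan, extra = args[1], args[2], args[3:]
        if state not in ("enable", "disable"):
            out.append(f"expected enable or disable, got {state!r}")
        if (args[0] == "web" and extra) or len(extra) > 1:
            out.append("too many arguments")
        elif extra:                              # optional passthru [gateway]
            try:
                ipaddress.ip_address(extra[0])
            except ValueError:
                out.append(f"gateway {extra[0]!r} is not an IP address")
    else:
        return ["unrecognised or incomplete command"]
    if not (wlan.isdecimal() and int(wlan) in WLAN_IDS):
        out.append(f"WLAN id {wlan!r} outside 1 through 16")
    return out

# Constructed sample input, not taken from a real controller.
SAMPLE = [
    ">config wlan security ipsec ike phase1 aggressive 2",
    ">config wlan security ipsec ike lifetime 28800 3",    # arguments swapped
    ">config wlan security passthru enable 4 10.0.0.300",  # malformed gateway
    ">config wlan security web enable 5",                  # clean
]

def audit(lines):  # map each offending line to its findings
    return {l: f for l in lines if (f := lint(l))}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The swapped-argument case is worth noting: the phase1 command takes the mode before the WLAN id, while the lifetime command takes the WLAN id before the seconds.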

5/26/05

Local MAC Filter

OL-7426-03

 
