Cisco Systems 12.4(25d)JA Universal Remote User Manual


 
11-12
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-29225-01
Chapter 11 Configuring Authentication Types
Configuring Authentication Types
Step 5
authentication network-eap
list-name
[mac-address list-name]
(Optional) Set the authentication type for the SSID to
Network-EAP. Using the Extensible Authentication Protocol
(EAP) to interact with an EAP-compatible RADIUS server, the
access point helps a wireless client device and the RADIUS
server to perform mutual authentication and derive a dynamic
unicast WEP key. However, the access point does not force all
client devices to perform EAP authentication.
(Optional) Set the SSID’s authentication type to
Network-EAP with MAC address authentication. All client
devices that associate to the access point are required to
perform MAC-address authentication. For list-name,
specify the authentication method list.
Step 6
authentication key-management
{[wpa] [cckm] } [ optional ]
(Optional) Set the authentication type for the SSID to WPA,
CCKM, or both. If you use the optional keyword, client
devices other than WPA and CCKM clients can use this SSID.
If you do not use the optional keyword, only WPA or CCKM
client devices are allowed to use the SSID.
To enable CCKM for an SSID, you must also enable
Network-EAP authentication. When CCKM and Network EAP
are enabled for an SSID, client devices using LEAP,
EAP-FAST, PEAP/GTC, MSPEAP, EAP-TLS, and EAP-FAST
can authenticate using the SSID.
To enable WPA for an SSID, you must also enable Open
authentication or Network-EAP or both.
Note When you enable both WPA and CCKM for an SSID,
you must enter wpa first and cckm second. Any WPA
client can attempt to authenticate, but only CCKM
voice clients can attempt to authenticate.
Note Before you can enable CCKM or WPA, you must set
the encryption mode for the SSID’s VLAN to one of the
cipher suite options. To enable both CCKM and WPA,
you must set the encryption mode to a cipher suite that
includes TKIP. See the “Configuring Cipher Suites and
WEP” section on page 10-3 for instructions on
configuring the VLAN encryption mode.
Note If you enable WPA for an SSID without a preshared
key, the key management type is WPA. If you enable
WPA with a preshared key, the key management type is
WPA-PSK. See the “Configuring Additional WPA
Settings” section on page 11-14 for instructions on
configuring a preshared key.
See the Configuring WDS, Fast Secure Roaming, Radio
Management, and Wireless Intrusion Detection Services for
detailed instructions on setting up your wireless LAN to use
CCKM and a subnet context manager.
Command Purpose