Cisco Systems IOS Releases 15.2(4)JA Universal Remote User Manual


 
12-28
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-29225-01
Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection
Configuring Management Frame Protection
Beginning in privileged EXEC mode, follow these steps to configure the WDS:
Management Frame Protection with 802.11w
The current 802.11 standard defines frame types for use in the management and control of wireless links.
The management frames, included in the 802.11 protocol, are neither authenticated nor encrypted, even
when the highest level of WLAN security are used. 802.11w is the Protected Management Frames
standard for the IEEE 802.11 family of standards.
802.11w increases the security of the management frames by offering three new security pieces:
Data Origin Authenticity
Replay Detection
Robust Management Frame Protection.
The Management frames that can be protected are:
Disassociation
Deauthentication
Robust Action frames excluding Public Action frames
802.11w is also used to prevent association request replay attack.
Perform these steps to enable 802.11w:
Step 1 Browse to the Secuirty page on the access point GUI.
Step 2 Select SSID Manager.
Step 3 From the Client Authenticated Key Management page, click the 11w Configuration Required radio
button.
Step 4 Enter the 11w Association-comeback time.
Step 5 Enter the 11w Saquery-retry time.
Step 5
end Return to the privileged EXEC mode.
Step 6
copy running-config
startup-config
(Optional) Save your entries in the configuration file.
Command Description
Command Description
Step 1
configure terminal Enter global configuration mode.
Step 2
dot11 ids mfp distributor Configures the WDS as an MFP distributor. When enabled, the
WDS manages signature keys, used to create the MIC IEs, and
securely transfers them between generators and detectors.
Step 3
end Return to the privileged EXEC mode.
Step 4
copy running-config
startup-config
(Optional) Save your entries in the configuration file.