Cisco Router 860, 880 Series User Manual
Here you can view all the pages of manual Cisco Router 860, 880 Series User Manual. The Cisco manuals for Router are available online for free. You can easily download all the documents as PDF.
Page 181
Authentication Types for Wireless Devices Understanding Authentication Types 3 Authentication Types for Wireless Devices OL-15914-01 Both the unencrypted challenge and the encrypted challenge can be monitored, however, which leaves the access point open to attack from an intruder who calculates the WEP key by comparing the unencrypted and encrypted text strings. Because of this weakness, shared key authentication can be less secure than open authentication. Like open authentication, shared key...
Page 182
Authentication Types for Wireless Devices Understanding Authentication Types 4 Authentication Types for Wireless Devices OL-15914-01 Figure 3 Sequence for EAP Authentication In Steps 1 through 9 in Figure 3, a wireless client device and a RADIUS server on the wired LAN use 802.1x and EAP to perform a mutual authentication through the access point. The RADIUS server sends an authentication challenge to the client. The client uses a one-way encryption of the user-supplied password to generate a...
Page 183
Authentication Types for Wireless Devices Understanding Authentication Types 5 Authentication Types for Wireless Devices OL-15914-01 MAC Address Authentication to the Network The access point relays the wireless client device’s MAC address to a RADIUS server on your network, and the server checks the address against a list of allowed MAC addresses. Intruders can create counterfeit MAC addresses, so MAC-based authentication is less secure than EAP authentication. However, MAC-based authentication...
Page 184
Authentication Types for Wireless Devices Understanding Authentication Types 6 Authentication Types for Wireless Devices OL-15914-01 Combining MAC-Based, EAP, and Open Authentication You can set up the access point to authenticate client devices using a combination of MAC-based and EAP authentication. When you enable this feature, client devices that associate to the access point using 802.11 open authentication first attempt MAC authentication; if MAC authentication succeeds, the client device...
Page 185
Authentication Types for Wireless Devices Understanding Authentication Types 7 Authentication Types for Wireless Devices OL-15914-01 Using WPA Key Management Wi-Fi Protected Access is a standards-based, interoperable security enhancement that strongly increases the level of data protection and access control for existing and future wireless LAN systems. It is derived from and will be forward-compatible with the upcoming IEEE 802.11i standard. WPA leverages TKIP (Temporal Key Integrity Protocol)...
Page 186
Authentication Types for Wireless Devices Configuring Authentication Types 8 Authentication Types for Wireless Devices OL-15914-01 Figure 6 WPA Key Management Process Configuring Authentication Types This section describes how to configure authentication types. You attach configuration types to the SSIDs. See Service Set Identifier (SSID) for details on setting up multiple SSIDs. This section contains these topics: Assigning Authentication Types to an SSID, page 9 Configuring Authentication...
Page 187
Authentication Types for Wireless Devices Configuring Authentication Types 9 Authentication Types for Wireless Devices OL-15914-01 Assigning Authentication Types to an SSID To configure authentication types for SSIDs, follow these steps, beginning in privileged EXEC mode: CommandPurpose Step 1configure terminalEnters global configuration mode. Step 2dot11 ssid ssid-stringCreates an SSID and enter SSID configuration mode for the new SSID. The SSID can consist of up to 32 alphanumeric characters....
Page 188
![Page 188
Authentication Types for Wireless Devices
Configuring Authentication Types
10
Authentication Types for Wireless Devices
OL-15914-01
Step 3authentication open
[mac-address list-name [alternate]]
[[optional] eap list-name]
(Optional) Sets the authentication type to open for this SSID.
Open authentication allows any device to authenticate and then
attempt to communicate with the access point.
(Optional) Set the SSID’s authentication type to open with
MAC address authentication. The access...](http://img.usermanuals.tech/thumb/17/102935/w300_index.html@nav=null&now=get&message=Downloading&file=SCG880-860-187.png "Page 188
Authentication Types for Wireless Devices
Configuring Authentication Types
10
Authentication Types for Wireless Devices
OL-15914-01
Step 3authentication open
[mac-address list-name [alternate]]
[[optional] eap list-name]
(Optional) Sets the authentication type to open for this SSID.
Open authentication allows any device to authenticate and then
attempt to communicate with the access point.
(Optional) Set the SSID’s authentication type to open with
MAC address authentication. The access...")
Authentication Types for Wireless Devices Configuring Authentication Types 10 Authentication Types for Wireless Devices OL-15914-01 Step 3authentication open [mac-address list-name [alternate]] [[optional] eap list-name] (Optional) Sets the authentication type to open for this SSID. Open authentication allows any device to authenticate and then attempt to communicate with the access point. (Optional) Set the SSID’s authentication type to open with MAC address authentication. The access...
Page 189
![Page 189
Authentication Types for Wireless Devices
Configuring Authentication Types
11
Authentication Types for Wireless Devices
OL-15914-01
Use the no form of the SSID commands to disable the SSID or to disable SSID features.
Step 5authentication network-eap
list-name
[mac-address list-name]
(Optional) Sets the authentication type for the SSID to
Network-EAP. Using the Extensible Authentication Protocol
(EAP) to interact with an EAP-compatible RADIUS server, the
access point helps a wireless client...](http://img.usermanuals.tech/thumb/17/102935/w300_index.html@nav=null&now=get&message=Downloading&file=SCG880-860-188.png "Page 189
Authentication Types for Wireless Devices
Configuring Authentication Types
11
Authentication Types for Wireless Devices
OL-15914-01
Use the no form of the SSID commands to disable the SSID or to disable SSID features.
Step 5authentication network-eap
list-name
[mac-address list-name]
(Optional) Sets the authentication type for the SSID to
Network-EAP. Using the Extensible Authentication Protocol
(EAP) to interact with an EAP-compatible RADIUS server, the
access point helps a wireless client...")
Authentication Types for Wireless Devices Configuring Authentication Types 11 Authentication Types for Wireless Devices OL-15914-01 Use the no form of the SSID commands to disable the SSID or to disable SSID features. Step 5authentication network-eap list-name [mac-address list-name] (Optional) Sets the authentication type for the SSID to Network-EAP. Using the Extensible Authentication Protocol (EAP) to interact with an EAP-compatible RADIUS server, the access point helps a wireless client...
Page 190
Authentication Types for Wireless Devices Configuring Authentication Types 12 Authentication Types for Wireless Devices OL-15914-01 This example sets the authentication type for the SSID batman to Network-EAP with CCKM authenticated key management. Client devices using the SSID batman authenticate using the adam server list. After they are authenticated, CCKM-enabled clients can perform fast reassociations using CCKM. ap1200# configure terminal ap1200(config-if)# ssid batmanap1200(config-ssid)#...