Cisco Router 860, 880 Series User Manual
Here you can view all the pages of manual Cisco Router 860, 880 Series User Manual. The Cisco manuals for Router are available online for free. You can easily download all the documents as PDF.
Page 191
Authentication Types for Wireless Devices Configuring Authentication Types 13 Authentication Types for Wireless Devices OL-15914-01 Configuring Additional WPA Settings Use two optional settings to configure a pre-shared key on the access point and to adjust the frequency of group key updates. Setting a Pre-Shared Key To support WPA on a wireless LAN where 802.1X-based authentication is not available, you must configure a pre-shared key on the access point. You can enter the pre-shared key in...
Page 192
Authentication Types for Wireless Devices Configuring Authentication Types 14 Authentication Types for Wireless Devices OL-15914-01 This example shows how to configure a pre-shared key for clients using WPA and static WEP, with group key update options: ap# configure terminalap(config-if)# ssid batman ap(config-ssid)# wpa-psk ascii batmobile65 ap(config)# interface dot11radio 0ap(config-ssid)# ssid batman ap(config-if)# exit ap(config)# broadcast-key vlan 87 membership-termination...
Page 193
Authentication Types for Wireless Devices Configuring Authentication Types 15 Authentication Types for Wireless Devices OL-15914-01 Configuring Authentication Holdoffs, Timeouts, and Intervals To configure holdoff times, reauthentication periods, and authentication timeouts for client devices authenticating through your access point, follow these steps, beginning in privileged EXEC mode: CommandPurpose Step 1configure terminalEnters global configuration mode. Step 2dot11 holdoff-time secondsEnters...
Page 194
Authentication Types for Wireless Devices Configuring the 802.1X Supplicant 16 Authentication Types for Wireless Devices OL-15914-01 Use the no form of these commands to reset the values to default settings. Configuring the 802.1X Supplicant Traditionally, the dot1x authenticator and client have always been a network device and a PC client respectively, as it was the PC user that had to authenticate to gain access to the network. However, wireless networks introduce unique challenges to the...
Page 195
Authentication Types for Wireless Devices Configuring the 802.1X Supplicant 17 Authentication Types for Wireless Devices OL-15914-01 Use the no form of the dot1x credentials command to negate a parameter. The following example creates a credentials profile named test with the username Cisco and a the unencrypted password Cisco: ap>enable Password:xxxxxxxap# config terminal Enter configuration commands, one per line. End with CTRL-Z. ap(config)# dot1x credentials...
Page 196
Authentication Types for Wireless Devices Configuring the 802.1X Supplicant 18 Authentication Types for Wireless Devices OL-15914-01 Applying the Credentials Profile to an SSID Used For the Uplink If you have a repeater access point in your wireless network and are using the 802.1X supplicant on the root access point, you must apply the 802.1X supplicant credentials to the SSID that the repeater uses to associate with and authenticate to the root access point. To apply the credentials to an SSID...
Page 197
Authentication Types for Wireless Devices Configuring the 802.1X Supplicant 19 Authentication Types for Wireless Devices OL-15914-01 Use the no command to negate a command or to set its defaults. Use the show eap registrations method command to view the currently available (registered) EAP methods. Use the show eap sessions command to view existing EAP sessions. Applying an EAP Profile to the Fast Ethernet Interface This operation normally applies to root access points. To apply an EAP profile to...
Page 198
Authentication Types for Wireless Devices Matching Access Point and Client Device Authentication Types 20 Authentication Types for Wireless Devices OL-15914-01 Matching Access Point and Client Device Authentication Types To use the authentication types described in this section, the access point authentication settings must match the authentication settings on the client adapters that associate to the access point. See the Cisco Aironet Wireless LAN Client Adapters Installation and Configuration...
Page 199
Authentication Types for Wireless Devices Matching Access Point and Client Device Authentication Types 21 Authentication Types for Wireless Devices OL-15914-01 EAP-FAST authentication with WPAEnable EAP-FAST and Wi-Fi Protected Access (WPA), and enable automatic provisioning or import a PAC file. To allow the client to associate to both WPA and non-WPA access points, enable Allow Association to both WPA and non-WPA authenticators. Select a cipher suite that includes TKIP, set up and enable...
Page 200
Authentication Types for Wireless Devices Matching Access Point and Client Device Authentication Types 22 Authentication Types for Wireless Devices OL-15914-01 If using Windows XP to configure cardSelect Enable network access control using IEEE 802.1X and MD5-Challenge as the EAP Ty p e .Set up and enable WEP, and enable EAP and Open Authentication for the SSID. PEAP authentication If using ACU to configure cardEnable Host Based EAP and Use Dynamic WEP Keys in ACU, and select Enable network...