Configuring for Authenticating Users 69
and how to configure it, see the Wireless LAN Switch and Controller
Configuration Guide.)
Configuring a Service Profile
A service profile controls advertisement and encryption for an SSID. You
can specify the following:
■ Whether SSIDs that use the service profile are beaconed
■ Whether the SSIDs are encrypted or clear (unencrypted)
■ For encrypted SSIDs, the encryption settings to use
■ The fallthru authentication method for users that are not
authenticated with 802.1X or MAC authentication. The fallthru
method can be Web, last-resort, or none. (See “Configuring for
Authenticating Users” on page 60.)
Table 12 lists the parameters controlled by a service profile and their
default values.
Table 12 Defaults for Service Profile Parameters
Parameter
Default
Value
Radio Behavior When Parameter Set To
Default Value
auth-dot1x enable When the Wi-Fi Protected Access (WPA)
information element (IE) is enabled, uses 802.1X
to authenticate WPA clients.
auth-fallthru web-auth Uses Web AAA for users who do not match an
802.1X or MAC authentication rule for the SSID
requested by the user.
auth-psk disable Does not support using a preshared key (PSK) to
authenticate WPA clients.
beacon enable Sends beacons to advertise the SSID managed by
the service profile.
cipher-ccmp disable Does not use Counter with Cipher Block Chaining
Message Authentication Code Protocol (CCMP) to
encrypt traffic sent to WPA clients.
cipher-tkip enable When the WPA IE is enabled, uses Temporal Key
Integrity Protocol (TKIP) to encrypt traffic sent to
WPA clients.
cipher-wep104 disable Does not use Wired Equivalent Privacy (WEP) with
104-bit keys to encrypt traffic sent to WPA clients.
To Next Page
Loading...
