251
Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide
Chapter Configuring the Wireless Device
Configuring Wireless Settings
Configuring Wireless Security Settings
• Configuring Authentication, page 251
• Configuring WEP and Cipher Suites, page 252
• Configuring Wireless VLANs, page 252
• Configuring the Access Point in Hot Standby Mode, page 255
Configuring Authentication
Authentication types are tied to the Service Set Identifiers (SSIDs) that are configured for the access
point. If you want to serve different types of client devices with the same access point, configure multiple
SSIDs.
Before a wireless client device can communicate on your network through the access point, it must
authenticate to the access point by using open or shared-key authentication. For maximum security,
client devices should also authenticate to your network using MAC-address or Extensible Authentication
Protocol (EAP) authentication. Both of these authentication types rely on an authentication server on
your network.
See Authentication Types for Wireless Devices at Cisco.com to select an authentication type:
http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/
SecurityAuthenticationTypes.html
See RADIUS and TACACS+ Servers in a Wireless Environment at Cisco.com to set up a maximum
security environment: http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/
SecurityRadiusTacacs_1.html.
Configuring Access Point as Local Authenticator
To provide local authentication service or backup authentication service for a WAN link failure or
circumstance where a server fails, you can configure an access point to act as a local authentication
server. The access point can authenticate up to 50 wireless client devices using Light Extensible
Authentication Protocol (LEAP), Extensible Authentication Protocol-Flexible Authentication Secure
Tunneling (EAP-FAST), or MAC-based authentication. The access point performs up to five
authentications per second.
You configure the local authenticator access point manually with client user names and passwords
because it does not synchronize its database with Remote Authentication Dial-In User Service
(RADIUS) servers. You can specify a VLAN and a list of SSIDs that a client is allowed to use.
See Using the Access Point as a Local Authenticator at Cisco.com for details about setting up the
wireless device in this role: http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/
SecurityLocalAuthent.html
To Next Page
Loading...
Need help?
General
