Cisco Wap125 Wireless-Ac/N Dual Band Desktop Access Point With Poe - Cisco WAP125 Administrator's Manual

Wireless-ac/n dual band desktop access point with poe

Hide thumbs Also See for WAP125:

Quick start manual (13 pages)

Manual (10 pages)

Quick start manual (14 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

page of 114

/ 114
Contents
Table of Contents
Bookmarks

Table of Contents

Configuring Security Settings

WPA Enterprise

The WPA Enterprise with RADIUS is an implementation of the Wi-Fi Alliance IEEE 802.11i standard, which

includes CCMP (AES), and TKIP encryption. The Enterprise mode requires the use of a RADIUS server to

authenticate the users.

This security mode is backwards-compatible with the wireless clients that support the original WPA.

The dynamic VLAN mode is enabled by default, which allows RADIUS authentication server to decide which

VLAN is used for the stations.

These parameters configure WPA Enterprise:

• WPA Versions — Choose the types of client stations to be supported. The options are:

• Enable Pre-authentication — If you choose only WPA2 or both WPA and WPA2 as the WPA version,

you can enable pre-authentication for the WPA2 clients.

Check this option if you want the WPA2 wireless clients to send the pre-authentication packets. The

pre-authentication information is relayed from the WAP device that the client is currently using to the

target WAP device. Enabling this feature can help speed up the authentication for roaming clients who

connect to multiple APs.

This option does not apply if you selected WPA for WPA versions because the original WPA does not

support this feature.

Client stations configured to use WPA with RADIUS must have one of these addresses and keys:

• PMF (Protection Management Frame)— Provides security for the unencrypted 802.11 management

frames. When Security Mode is disabled or WEP, the PMF is set to No PMF and is not editable (Hidden

or Grey).When the security Mode is set to WPA2-xxx, the PMF is Capable by default and is editable.

The following three check box values can be configured for it.

Note

Cisco WAP125 Wireless-AC/N Dual Band Desktop Access Point with PoE

◦WPA-TKIP — The network has some client stations that only support original WPA and TKIP

security protocol. Note that selecting only WPA-TKIP for the access point is not allowed as per

the latest Wi-Fi Alliance requirement.

◦WPA2-AES — All client stations on the network support WPA2 version and AES-CCMP cipher/

security protocol. This provides the best security per the IEEE 802.11i standard. As per the latest

Wi-Fi Alliance requirement, the AP has to support this mode all the time.

◦ A valid TKIP RADIUS IP address and RADIUS key

◦ A valid CCMP (AES) IP address and RADIUS key

◦ Not Required

◦ Capable

◦ Required

WiFi Alliance requires PMF to be enabled with default setting of Capable. You may

disable it when non-compliant wireless clients experience instability or connectivity

issues.

Wireless

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

Cisco Wap125 Wireless-Ac/N Dual Band Desktop Access Point With Poe - Cisco WAP125 Administrator's Manual

Cisco WAP125 Wireless-AC/N Dual Band Desktop Access Point with PoE

Hide quick links:

Related Manuals for Cisco WAP125

Related Content for Cisco WAP125

Table of Contents