Configuring Wireless LANs
Configuring a Wireless LAN for Both Static and Dynamic WEP
You can configure up to four wireless LANs to support static WEP keys, and you can also configure
dynamic WEP on any of these static-WEP wireless LANs. Follow these guidelines when configuring a
wireless LAN for both static and dynamic WEP:
•
•
Configuring Layer 3 Security
This section explains how to assign Layer 3 security settings to wireless LANs.
To use Layer 3 security on a Cisco 4100 Series Wireless LAN Controller, the controller must be equipped
Note
with a VPN/Enhanced Security Module (Crypto Module). The module plugs into the back of the
controller and provides the extra processing power needed for processor-intensive security algorithms.
IPSec
IPSec (Internet Protocol Security) supports many Layer 3 security protocols. Enter these commands to
enable IPSec on a wireless LAN:
•
•
IPSec Authentication
IPSec uses hmac-sha-1 authentication as the default for encrypting wireless LAN data, but can also use
hmac-md5, or no authentication. Enter this command to configure the IPSec IP authentication method:
•
•
IPSec Encryption
IPSec uses 3DES encryption as the default for encrypting wireless LAN data, but can also use AES,
DES, or no encryption. Enter this command to configure the IPSec encryption method:
•
•
Cisco Wireless LAN Controller Configuration Guide
6-6
The static WEP key and the dynamic WEP key must be the same length.
When you configure static and dynamic WEP as the Layer-2 security policy, no other security
policies can be specified. For example, when you configure only dynamic WEP or only static WEP,
you can also configure web authentication or IPSec. However, when you configure both static and
dynamic WEP, you cannot also configure web authentication or IPSec.
config wlan security ipsec {enable | disable} wlan-id
Enter show wlan to verify that IPSec is enabled.
config wlan security ipsec authentication {hmac-md5 | hmac-sha-1 | none} wlan-id
Enter show wlan to verify that the IPSec authentication method is configured.
config wlan security ipsec encryption {3des | aes | des | none} wlan-id
Enter show wlan to verify that the IPSec encryption method is configured.
Chapter 6
Configuring WLANs
OL-8335-02