Table of Contents
Advertisement
Understand Authentication Types
Understand Authentication Types
This section describes the authentication types that you can configure on the access point. The
authentication types are tied to the SSIDs that you configure for the access point. If you want to serve
different types of client devices with the same access point, you can configure multiple SSIDs. See
Chapter 3, "Configuring Multiple SSIDs,"
Before a wireless client device can communicate on your network through the access point, it must
authenticate to the access point using open or shared-key authentication. For maximum security, client
devices should also authenticate to your network using MAC-address or EAP authentication,
authentication types that rely on an authentication server on your network.
By default, the access point sends reauthentication requests to the authentication server with the
Note
service-type attribute set to authenticate-only. However, some Microsoft IAS servers do not support the
authenticate-only service-type attribute. Changing the service-type attribute to login-only ensures that
Microsoft IAS servers recognize reauthentication requests from the access point. Use the dot11 aaa
authentication attributes service-type login-only global configuration command to set the
service-type attribute in reauthentication requests to login-only.
The access point uses several authentication mechanisms or types and can use more than one at the same
time. These sections explain each authentication type:
•
•
•
•
•
•
•
Open Authentication to Access Point
Open authentication allows any device to authenticate and then attempt to communicate with the access
point. Using open authentication, any wireless device can authenticate with the access point, but the
device can communicate only if its WEP keys match the access point's. Devices not using WEP do not
attempt to authenticate with an access point that is using WEP. Open authentication does not rely on a
RADIUS server on your network.
Figure 6-1
using open authentication. In this example, the device's WEP key does not match the access point's key,
so it can authenticate but not pass data.
Cisco Wireless ISR and HWIC Access Point Configuration Guide
6-2
Open Authentication to Access Point, page 6-2
Shared Key Authentication to Access Point, page 6-3
EAP Authentication to Network, page 6-4
MAC Address Authentication to the Network, page 6-5
Combining MAC-Based, EAP, and Open Authentication, page 6-6
Using WPA Key Management, page 6-6
Using WPA Key Management, page 6-6
shows the authentication sequence between a device trying to authenticate and an access point
Chapter 6
for complete instructions on configuring multiple SSIDs.
Configuring Authentication Types
OL-6415-04
Advertisement
Table of Contents
