With Eap - Cisco ISR Configuration Manual

Chapter 6 Configuring Authentication Types
Command
Step 4
authentication shared
[mac-address list-name]
[eap list-name]
Step 5 authentication network-eap
list-name
[mac-address list-name]
Step 6 authentication key-management
{ [wpa]} [ optional ]
OL-6415-04
Purpose
(Optional) Set the authentication type for the SSID to shared
key.
Note Because of shared key's security flaws, Cisco
recommends that you avoid using it.
Note You can assign shared key authentication to only one
SSID.
(Optional) Set the SSID's authentication type to shared key
•
with MAC address authentication. For list-name, specify
the authentication method list.
• (Optional) Set the SSID's authentication type to shared key
with EAP authentication. For list-name, specify the
authentication method list.
(Optional) Set the authentication type for the SSID to
Network-EAP. Using the Extensible Authentication Protocol
(EAP) to interact with an EAP-compatible RADIUS server, the
access point helps a wireless client device and the RADIUS
server to perform mutual authentication and derive a dynamic
unicast WEP key. However, the access point does not force all
client devices to perform EAP authentication.
(Optional) Set the SSID's authentication type to
•
Network-EAP with MAC address authentication. All client
devices that associate to the access point are required to
perform MAC-address authentication. For list-name,
specify the authentication method list.
(Optional) Set the authentication type for the SSID to WPA. If
you use the optional keyword, client devices other than WPA
clients can use this SSID. If you do not use the optional
keyword, only WPA client devices are allowed to use the SSID.
When Network EAP is enabled for an SSID, client devices
using LEAP, EAP-FAST, PEAP/GTC, MSPEAP, and EAP-TLS
can authenticate using the SSID.
To enable WPA for an SSID, you must also enable Open
authentication or Network-EAP or both.
Before you can enable WPA, you must set the
Note
encryption mode for the SSID's VLAN to one of the
cipher suite options. See the
Types" section on page 5-3
configuring the VLAN encryption mode.
Note If you enable WPA for an SSID without a pre-shared
key, the key management type is WPA. If you enable
WPA with a pre-shared key, the key management type
is WPA-PSK. See the
Settings" section on page 6-13
configuring a pre-shared key.
Cisco Wireless ISR and HWIC Access Point Configuration Guide
Configure Authentication Types
"Configure Encryption
for instructions on
"Configuring Additional WPA
for instructions on
6-11