Cisco WAP581 Administration Manual page 64

Wireless-ac/n dual radio access point with 2.5gbe lan

Hide thumbs Also See for WAP581:

Quick start manual (14 pages)

Quick start manual (17 pages)

Manual (10 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

page of 134

/ 134
Contents
Table of Contents
Bookmarks

Table of Contents

Configuring Security Settings

• WPA2-AES — All client stations on the network support WPA2 and AES-CCMP cipher/security

• PMF (Protection Management Frame) — Provides security for the unencrypted 802.11 management

frames. When Security Mode is disabled, the PMF is set to No PMF and is not editable (Hidden or Grey).

When the security Mode is set to WPA2-xxx, the PMF is Capable by default and is editable. The following

three check box values can be configured for it.

• Not Required

• Capable

• Required

• Key — The shared secret key for WPA Personal security. Enter a string of at least 8 characters to a

maximum of 63 characters. Acceptable characters include uppercase and lowercase alphabetic letters,

the numeric digits, and special symbols such as @ and #.

• Show Key as Clear Text —When enabled, the text you type is visible. When disabled, the text is not

masked as you enter it.

• Key Strength Meter — The WAP device checks the key against complexity criteria such as how many

different types of characters (uppercase and lowercase alphabetic letters, numbers, and special characters)

are used and how long is the string. If the WPA-PSK complexity check feature is enabled, the key is not

accepted unless it meets the minimum criteria. See

information on configuring the complexity check.

• Broadcast Key Refresh Rate — The interval at which the broadcast (group) key is refreshed for clients

associated with this VAP. The default is 86400 seconds and the valid range is from 0 to 86400 seconds.

A value of 0 indicates that the broadcast key is not refreshed.

WPA Enterprise

The WPA Enterprise with RADIUS is an implementation of the Wi-Fi Alliance IEEE 802.11i standard, which

includes CCMP (AES), and TKIP encryption. The Enterprise mode requires the use of a RADIUS server to

authenticate the users.

Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide

protocol. This provides the best security per IEEE 802.11i standard. As per the latest Wi-Fi Alliance

requirement, the AP has to support this mode all the time.

If the network has a mix of clients, some of which support WPA2 and others which support only

the original WPA, select both. This lets both WPA and WPA2 client stations associate and

authenticate, but uses the more robust WPA2 for clients who support it. This WPA configuration

allows more interoperability in place of some security.

WPA clients must have one of these keys to be able to associate with the WAP device:

• A valid TKIP key

• A valid AES-CCMP key

Note

The WiFi Alliance requires the PMF to be enabled and set to Capable (Default).

You may disable it when the non-compliant wireless clients experience instability

or connectivity issues.

Configure WAP-PSK Complexity, on page 44

Wireless

for

Table of Contents

Cisco WAP581 Administration Manual page 64

Related Manuals for Cisco WAP581

Related Products for Cisco WAP581

Table of Contents