and how to configure it, see the
Configuration
Guide.)
Configuring a Service Profile
A service profile controls advertisement and encryption for an SSID. You
can specify the following:
Whether SSIDs that use the service profile are beaconed
Whether the SSIDs are encrypted or clear (unencrypted)
For encrypted SSIDs, the encryption settings to use
The fallthru authentication method for users that are not
authenticated with 802.1X or MAC authentication. The fallthru
method can be Web, last-resort, or none. (See "Configuring for
Authenticating Users" on page 60.)
Table 12 lists the parameters controlled by a service profile and their
default values.
Table 12 Defaults for Service Profile Parameters
Default
Parameter
Value
auth-dot1x
enable
auth-fallthru
web-auth
auth-psk
disable
beacon
enable
cipher-ccmp
disable
cipher-tkip
enable
cipher-wep104
disable
Configuring for Authenticating Users
Wireless LAN Switch and Controller
Radio Behavior When Parameter Set To
Default Value
When the Wi-Fi Protected Access (WPA)
information element (IE) is enabled, uses 802.1X
to authenticate WPA clients.
Uses Web AAA for users who do not match an
802.1X or MAC authentication rule for the SSID
requested by the user.
Does not support using a preshared key (PSK) to
authenticate WPA clients.
Sends beacons to advertise the SSID managed by
the service profile.
Does not use Counter with Cipher Block Chaining
Message Authentication Code Protocol (CCMP) to
encrypt traffic sent to WPA clients.
When the WPA IE is enabled, uses Temporal Key
Integrity Protocol (TKIP) to encrypt traffic sent to
WPA clients.
Does not use Wired Equivalent Privacy (WEP) with
104-bit keys to encrypt traffic sent to WPA clients.
69