Ike Authentication; Ike Diffie-Hellman Group; Ike Phase 1 Aggressive And Main Modes; Ike Lifetime Timeout - Cisco OL-8335-02 Configuration Manual

Chapter 6
Configuring WLANs

IKE Authentication

IPSec IKE (Internet Key Exchange) uses pre-shared key exchanges, X.509 (RSA Signatures) certificates,
and XAuth-psk for authentication. Enter these commands to enable IPSec IKE on a wireless LAN that
uses IPSec:

config wlan security ipsec ike authentication certificates wlan-id
Use the certificates option to specify RSA signatures.

config wlan security ipsec ike authentication xauth-psk wlan-id key
Use the xauth-psk option to specify XAuth pre-shared key.
For key, enter a pre-shared key from 8 to 255 case-sensitive ASCII characters.

config wlan security ipsec ike authentication pre-shared-key wlan-id key

Enter show wlan to verify that IPSec IKE is enabled.

IKE Diffie-Hellman Group

IPSec IKE uses Diffie-Hellman groups to block easily-decrypted keys. Enter these commands to
configure the Diffie-Hellman group on a wireless LAN with IPSec enabled:

config wlan security ipsec ike DH-Group wlan-id group-id
For group-id, enter group-1, group-2 (this is the default setting), or group-5.

Enter show wlan to verify that IPSec IKE DH group is configured.

IKE Phase 1 Aggressive and Main Modes

IPSec IKE uses the Phase 1 Aggressive (faster) or Main (more secure) mode to set up encryption between
clients and the controller. Enter these commands to specify the Phase 1 encryption mode for a wireless
LAN with IPSec enabled:

config wlan security ipsec ike phase1 {aggressive | main} wlan-id

Enter show wlan to verify that the Phase 1 encryption mode is configured.

IKE Lifetime Timeout

IPSec IKE uses its timeout to limit the time that an IKE key is active. Enter these commands to configure
an IKE lifetime timeout:

config wlan security ipsec ike lifetime wlan-id seconds
For seconds, enter a value from 1800 to 345600 seconds. The default timeout is
28800 seconds.

Enter show wlan to verify that the key timeout is configured.
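
The following is an added example, not part of the Cisco guide: a small Python check that reads saved controller commands and flags IKE settings that fall outside the limits quoted in this section or select the weaker of the documented choices. The function name audit, the sample WLAN id and key, and the assumption that a key contains no spaces are illustrative; the group bit sizes come from the IKE RFCs rather than from this page.

```python
# Added example: checks controller commands against the limits quoted in this section.
PREFIX = "config wlan security ipsec ike "
KEY_LEN = range(8, 256)          # pre-shared key: 8 to 255 ASCII characters
LIFETIME = range(1800, 345601)   # lifetime: 1800 to 345600 seconds
# Group sizes are general IKE knowledge (RFC 2409 / RFC 3526), not from the guide.
DH_BITS = {"group-1": 768, "group-2": 1024, "group-5": 1536}

def audit(lines):
    """Return (line_no, severity, message) for each problem found."""
    out = []
    for no, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line.startswith(PREFIX):
            continue
        args = line[len(PREFIX):].split()
        kind, rest = (args[0], args[1:]) if args else ("", [])
        if kind == "authentication" and rest[:1] in (["xauth-psk"], ["pre-shared-key"]):
            key = rest[2] if len(rest) == 3 else ""  # assumes the key has no spaces
            if len(key) not in KEY_LEN or not key.isascii():
                # The key itself is never echoed into the finding.
                out.append((no, "error", "key must be 8-255 ASCII characters"))
        elif kind == "DH-Group" and len(rest) == 2:
            bits = DH_BITS.get(rest[1])
            if bits is None:
                out.append((no, "error", "group-id must be group-1, group-2 or group-5"))
            elif bits < 1536:
                out.append((no, "warn", f"{rest[1]} is a {bits}-bit group; group-5 is the largest offered"))
        elif kind == "phase1" and len(rest) == 2:
            if rest[0] == "aggressive":
                out.append((no, "warn", "aggressive mode selected; main is the more secure mode"))
            elif rest[0] != "main":
                out.append((no, "error", "phase1 mode must be aggressive or main"))
        elif kind == "lifetime" and len(rest) == 2:
            secs = rest[1]
            if not (secs.isascii() and secs.isdigit()) or int(secs) not in LIFETIME:
                out.append((no, "error", "lifetime must be 1800-345600 seconds"))
    return out

# Constructed sample input (WLAN id 1 and the key are made up for the example).
SAMPLE = [
    "config wlan security ipsec ike authentication pre-shared-key 1 short",
    "config wlan security ipsec ike DH-Group 1 group-2",
    "config wlan security ipsec ike phase1 aggressive 1",
    "config wlan security ipsec ike lifetime 1 900",
    "config wlan security ipsec ike DH-Group 1 group-5",
    "config wlan security ipsec ike phase1 main 1",
    "config wlan security ipsec ike lifetime 1 28800",
]
```

Calling audit(SAMPLE) reports the short key and the 900-second lifetime as errors and the group-2 and aggressive-mode lines as warnings; the last three lines pass.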
Cisco Wireless LAN Controller Configuration Guide