Understanding Express Security Settings; Using Vlans; Express Security Types - Cisco Aironet 350 Series Hardware Installation Manual

Configuring Basic Security Settings

Understanding Express Security Settings

When the access point configuration is at factory defaults, the first SSID that you create by using the
Express Security page overwrites the default SSID (tsunami), which has no security settings. The SSIDs
that you create appear in the SSID table at the bottom of the page. You can create up to 16 SSIDs on the
access point.
In Cisco IOS Release 12.3(4)JA, there is no default SSID. You must configure an SSID before client
Note
devices can associate to the access point.

Using VLANs

If you use VLANs on your wireless LAN and assign SSIDs to VLANs, you can create multiple SSIDs
by using any of the four security settings on the Express Security page. However, if you do not use
VLANs on your wireless LAN, the security options that you can assign to SSIDs are limited because on
the Express Security page encryption settings and authentication types are linked. Without VLANs,
encryption settings (WEP and ciphers) apply to an interface, such as the radio, and you cannot use more
than one encryption setting on an interface. For example, when you create an SSID with static WEP with
VLANs disabled, you cannot create additional SSIDs with WPA authentication because they use
different encryption settings. If you find that the security setting for an SSID conflicts with another
SSID, you can delete one or more SSIDs to eliminate the conflict.
If any VLANs are defined on the access point, the trunk port on the switch must be limited to allow only
the VLANs defined on the access point.

Express Security Types

Table 3-2
Table 3-2
Security Type
No Security
Static WEP Key
Hardware Installation Guide for Cisco Aironet 350 Series Access Points Running Cisco IOS Software
3-10
D r a f t 1 - C I S C O C O N F I D E N T I A L
describes the four security types that you can assign to an SSID.
Security Types on Express Security Setup Page
Description
This is the least secure option. You should
use this option only for SSIDs used in a
public space and assign it to a VLAN that
restricts access to your network.
This option is more secure than no security.
However, static WEP keys are vulnerable to
attack. If you configure this setting, you
should consider limiting association to the
bridge based on MAC address (refer to the
Cisco IOS Software Configuration Guide
for Cisco Aironet Access Points).
Chapter 3 Basic Configuration
Security Features Enabled
None.
Mandatory WEP. Client devices
cannot associate using this SSID
without a WEP key that matches
the bridge key.
OL-7467-01