Express Security Limitations - Cisco Aironet 350 Series Hardware Installation Manual

Chapter 3 Basic Configuration
Table 3-2
Security Type
EAP
Authentication
WPA
28

Express Security Limitations

Because the Express Security page is designed for simple configuration of basic security, the options
available are a subset of the bridge security capabilities. Keep these limitations in mind when using the
Express Security page:
•
•
•
•
•
•
•
For detailed information about security and security settings, refer to the Cisco IOS Software
Note
Configuration Guide for Cisco Aironet Access Points.
OL-7467-01
D r a f t 1 - C I S C O C O N F I D E N T I A L
Security Types on Express Security Setup Page (continued)
Description
This option enables 802.1x authentication
(such as LEAP, PEAP, EAP-TLS,
EAP-GTC, EAP-SIM, and others) and
requires you to enter the IP address and
shared secret for an authentication server on
your network (server authentication port
1645). Because 802.1x authentication
provides dynamic encryption keys, you do
not need to enter a WEP key.
Wi-Fi Protected Access (WPA) permits
wireless access to users authenticated
against a database through the services of
an authentication server, then encrypts their
IP traffic with stronger algorithms than
those used in WEP. As with EAP
authentication, you must enter the IP
address and shared secret for an
authentication server on your network
(server authentication port 1645).
If the No VLAN option is selected, the static WEP key can be configured once. If you select Enable
VLAN, the static WEP key should be disabled.
You cannot edit SSIDs. However, you can delete SSIDs and re-create them.
You cannot assign SSIDs to specific radio interfaces. The SSIDs that you create are enabled on all
radio interfaces. To assign SSIDs to specific radio interfaces, use the Security SSID Manager page.
You cannot configure multiple authentication servers. To configure multiple authentication servers,
use the Security Server Manager page.
You cannot configure multiple WEP keys. To configure multiple WEP keys, use the Security
Encryption Manager page.
You cannot assign an SSID to a VLAN that is already configured on the bridge. To assign an SSID
to an existing VLAN, use the Security SSID Manager page.
You cannot configure combinations of authentication types on the same SSID (such as MAC address
authentication and EAP authentication). To configure combinations of authentication types, use the
Security SSID Manager page.
Hardware Installation Guide for Cisco Aironet 350 Series Access Points Running Cisco IOS Software
Configuring Basic Security Settings
Security Features Enabled
Mandatory 802.1x authentication.
Client devices that associate using
this SSID must perform 802.1x
authentication.
Mandatory WPA authentication.
Client devices that associate using
this SSID must be WPA-capable.
3-11