Cisco Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter Designanleitung
11-9
Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 11 Mobile Access Router, Universal Bridge Client, and Cisco Unified Wireless
Security
The WMIC uses four authentication mechanisms or types and can use more than one at the same time.
The following are the four authentication types that the WMIC can use:
•
Open authentication to the WMIC
•
Shared key authentication to the WMIC
•
EAP authentication to the network
•
MAC address authentication to the network
For more information on authentication mechanisms, see
Encryption and Key Management
The 3200 MAR WMIC supports Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), and
Cisco Centralized Key Management (CCKM) for encryption and key management. Further information
on these security topics can be found in
Cisco Centralized Key Management (CCKM) for encryption and key management. Further information
on these security topics can be found in
Security Configuration
The default SSID on the WMIC is autoinstall, which is also configured as guest mode. In guest mode,
the WMIC broadcasts this SSID in its beacon and allows client devices with no SSID to associate. Also
by default, the authentication types assigned to autoinstall are open. This enables clients with no security
settings whatsoever to connect to the 3200 MAR. To secure the MAR, this configuration default must be
changed.
the WMIC broadcasts this SSID in its beacon and allows client devices with no SSID to associate. Also
by default, the authentication types assigned to autoinstall are open. This enables clients with no security
settings whatsoever to connect to the 3200 MAR. To secure the MAR, this configuration default must be
changed.
Assigning Authentication Types to an SSID
The commands following in this section cover the steps to configuring authentication types for SSIDs
on a WMIC in root device mode. Each command is followed by a description of the command
components and any optional configuration components.
on a WMIC in root device mode. Each command is followed by a description of the command
components and any optional configuration components.
•
dot11 ssid ssid-string
This command defines an SSID. The SSID can consist of up to 32 alphanumeric characters. SSIDs
are case sensitive.
are case sensitive.
•
authentication open [mac-address list-name [alternate]] [[optional] eap list-name]
–
(Optional) Sets the authentication type to open for this SSID. Open authentication allows any
client device to authenticate and then attempt to communicate with the WMIC.
client device to authenticate and then attempt to communicate with the WMIC.
–
(Optional) Sets the SSID authentication type to open with MAC address authentication. The
access point forces all client devices to perform MAC address authentication before they are
allowed to join the network. For list-name, specify the authentication method list. Additional
information on method lists may be found at the following URL:
access point forces all client devices to perform MAC address authentication before they are
allowed to join the network. For list-name, specify the authentication method list. Additional
information on method lists may be found at the following URL:
Use the alternate keyword to allow client devices to join the network using either MAC or EAP
authentication; clients that successfully complete either authentication are allowed to join the
network.
authentication; clients that successfully complete either authentication are allowed to join the
network.