Cisco Cisco Aironet 1522 Lightweight Outdoor Mesh Access Point
21
Mobile Access Router and Mesh Networks Design Guide
OL-11823-01
Security
Step 4
To choose an EAP authentication method for authentication purposes, enter:
bridge(config-eap-profile)# method [fast|gtc|leap|md5|mschapv2|tls]
Step 5
Use the exit command to return to privileged EXEC mode.
Note
A device configured for EAP authentication forces all root devices that associate to perform EAP
authentication. Root devices that do not use EAP cannot communicate with the device.
authentication. Root devices that do not use EAP cannot communicate with the device.
Step 6
To enter global ssid mode, enter:
bridge(config)# dot11 ssid
ssid-string
Step 7
(Optional) To set the authentication type for the SSID to “use EAP for authentication and key
distribution,” enter:
distribution,” enter:
bridge(config-ssid)# authentication network-eap
list-name
Step 8
To create a dot1x credentials profile and enter the dot1x credentials configuration submode, enter:
bridge(config)# dot1x credentials
profile
Step 9
To specify the EAP profile, enter:
bridge(config-ssid)# dot1x eap profile
profile-name-string
This is the profile you created in Step 2.
Step 10
(Optional) To set the key-management type for the SSID to WPA, CCKM, or both, enter:
bridge(config-ssid)# authentication key-management {[wpa] [cckm]} [optional]
If you use the optional keyword, client devices that are not configured for WPA or CCKM can use this
SSID. If you do not use the optional keyword, only WPA or CCKM client devices are allowed to use the
SSID. To enable CCKM for an SSID, you must also enable Network-EAP authentication. To enable
WPA for an SSID, you must also enable open authentication, network-EAP, or both.
SSID. If you do not use the optional keyword, only WPA or CCKM client devices are allowed to use the
SSID. To enable CCKM for an SSID, you must also enable Network-EAP authentication. To enable
WPA for an SSID, you must also enable open authentication, network-EAP, or both.
Note
Only 802.11b and 802.11g radios support WPA and CCKM simultaneously.
Before you can enable CCKM or WPA, you must set the encryption mode to a cipher suite that includes
TKIP/AES-CCMP. To enable both CCKM and WPA, you must set the encryption mode to a cipher suite
that includes TKIP.
If you enable WPA for an SSID without a pre-shared key, the key management type is WPA. If you
enable WPA with a pre-shared key, the key management type is WPA-PSK.
Step 11
Enter the exit command and then, optionally, enter the copy running-config startup-config command
to create a copy of your configuration file.
to create a copy of your configuration file.