Cisco Cisco Aironet 350 Access Points Notas de publicación
5
EAP Authentication Requires Matching 802.1x Protocol Drafts
OL-2387-O1
Limitations and Restrictions
Wireless client devices use Extensible Authentication Protocol (EAP) to log onto a network and generate
a dynamic, client-specific WEP key for the current logon session. If your wireless network uses WEP
without EAP, client devices use the static WEP keys entered in the Aironet Client Utilities.
a dynamic, client-specific WEP key for the current logon session. If your wireless network uses WEP
without EAP, client devices use the static WEP keys entered in the Aironet Client Utilities.
If you use Network-EAP authentication on your wireless network, your client devices and access points
must use the same 802.1x protocol draft. For example, if the radio firmware on the client devices that
will associate with an access point is 4.16, then the access point should be configured to use Draft 8 of
the 802.1x protocol.
must use the same 802.1x protocol draft. For example, if the radio firmware on the client devices that
will associate with an access point is 4.16, then the access point should be configured to use Draft 8 of
the 802.1x protocol.
lists firmware versions for Cisco Aironet products and the draft with which
they comply.
Note
Draft standard 8 is the default setting in firmware version 11.05 and earlier, and it might remain in
effect when you upgrade the firmware to version 11.06 or later. Check the setting on the
Authenticator Configuration page in the management system to make sure the best draft standard for
your network is selected.
effect when you upgrade the firmware to version 11.06 or later. Check the setting on the
Authenticator Configuration page in the management system to make sure the best draft standard for
your network is selected.
Use the Authenticator Configuration page in access point firmware version 11.07a to select the draft of
the 802.1x protocol the access point’s radio should use. Follow these steps to set the draft for your access
point:
the 802.1x protocol the access point’s radio should use. Follow these steps to set the draft for your access
point:
Step 1
Browse to the Authenticator Configuration page in the access point management system.
a.
On the Summary Status page, click Setup.
b.
On the Setup page, click Security.
c.
On the Security Setup page, click Authentication Server.
Step 2
Use the 802.1x Protocol Version (for EAP authentication) pull-down menu to select the draft of the
802.1x protocol the access point’s radio should use. Menu options include:
802.1x protocol the access point’s radio should use. Menu options include:
•
Draft 7—No radio firmware versions compliant with Draft 7 have LEAP capability, so you
should not need to select this setting.
should not need to select this setting.
Table 1
802.1x Protocol Drafts and Compliant Client Firmware
Firmware Version
Draft 7
Draft 8
Draft 10
1
1.
The functionality in Draft 10 is equivalent to the functionality in Draft 11, the
ratified draft of the 802.1x standard.
ratified draft of the 802.1x standard.
PC/PCI cards 4.13
—
x
—
PC/PCI cards 4.16
—
x
—
PC/PCI cards 4.23
—
x
—
PC/PCI cards 4.25 and later
—
—
x
WGB34x/352 8.58
—
x
—
WGB34x/352 8.61 or later
—
—
x
AP34x/35x 11.05 and earlier
—
x
—
AP34x/35x 11.06 and later
2
2.
The default draft setting in access point and bridge firmware version 11.06 and
later is Draft 10.
later is Draft 10.
—
x
x
AP34x/35x 11.07a and later
—
x
x