Cisco Cisco IOS Software Release 12.2(4)XR
Cisco IOS WAP Gateway with WTLS Class 2 Support
Configuration Tasks
6
Cisco IOS WAP Gateway with WTLS Class 2 Support
Configuring a WAP Gateway Interface
The Cisco IOS WAP Gateway is configured on only one interface but it operates over all physical
interfaces to take advantage of any redundancy and to maximize availability. The interface on which the
WAP gateway is configured can be a physical or loopback (virtual) interface. The gateway uses the
primary IP address of this interface as the IP address for all WAP traffic, regardless of the actual physical
interface over which the packets arrive or depart. To reduce the dependence on a physical interface that
may be subject to physical connection issues or network failures, we recommend that the WAP gateway
be configured on a loopback interface.
interfaces to take advantage of any redundancy and to maximize availability. The interface on which the
WAP gateway is configured can be a physical or loopback (virtual) interface. The gateway uses the
primary IP address of this interface as the IP address for all WAP traffic, regardless of the actual physical
interface over which the packets arrive or depart. To reduce the dependence on a physical interface that
may be subject to physical connection issues or network failures, we recommend that the WAP gateway
be configured on a loopback interface.
To enable the Cisco IOS WAP gateway on a router, use the following commands beginning in global
configuration mode:
configuration mode:
Configuring Customer-Supplied User Authentication on the WAP Gateway
The Cisco IOS WAP Gateway contains a feature and associated commands that allow the device browser
to be redirected to a URL where customer-supplied user authentication can occur before the gateway will
display any requested web content.
to be redirected to a URL where customer-supplied user authentication can occur before the gateway will
display any requested web content.
The user authentication feature can be used to supplement the static WAP username and password
provided by most browsers. Static passwords may not provide the required level of security for an
enterprise where all network access is controlled using one-time passwords. In this environment, the user
must change the password on the WAP-enabled device before establishing each WAP session. The
navigation on the device is tedious and may discourage use of the service. Using some form of initial
group ID and password on the WAP-enabled device, and implementing a customer-supplied user
authentication on the gateway, could allow the one-time password to be verified using WAP itself. A
filtering mechanism may be employed on the firewall to ensure that the group ID initial requests access
only the WAP gateway.
provided by most browsers. Static passwords may not provide the required level of security for an
enterprise where all network access is controlled using one-time passwords. In this environment, the user
must change the password on the WAP-enabled device before establishing each WAP session. The
navigation on the device is tedious and may discourage use of the service. Using some form of initial
group ID and password on the WAP-enabled device, and implementing a customer-supplied user
authentication on the gateway, could allow the one-time password to be verified using WAP itself. A
filtering mechanism may be employed on the firewall to ensure that the group ID initial requests access
only the WAP gateway.
Command
Purpose
Step 1
Router(config)# interface type number
Specifies the type and number of the interface on
which the feature is to be configured. Enters
interface configuration mode.
which the feature is to be configured. Enters
interface configuration mode.
Step 2
Router(config-if)# ip address ip-address mask
Configures the interface with an IP address. This
is the address with which the WAP-enabled
wireless devices must be configured to
communicate with the gateway.
is the address with which the WAP-enabled
wireless devices must be configured to
communicate with the gateway.
Step 3
Router(config-if)# wap {all | protocol-stack}
Configures the interface to operate all the protocol
stacks or a list specifying one or more of the
options.
stacks or a list specifying one or more of the
options.
The protocol-stack argument can be one or more
of the following keywords: cl, co, secure-cl, and
secure-co.
of the following keywords: cl, co, secure-cl, and
secure-co.