Cisco Cisco Aironet 1522 Lightweight Outdoor Mesh Access Point
20
Mobile Access Router and Mesh Networks Design Guide
OL-11823-01
Security
Step 9
(Optional) Set the authentication type for the SSID to use EAP for authentication and key distribution
by entering:
by entering:
bridge(config-ssid)# authentication network-eap
list-name
[mac-address
list-name
]
Step 10
(Optional) Set the SSID's authentication type to Network-EAP with MAC address authentication. All
client devices that associate to the access point are required to perform MAC-address authentication. For
list-name, specify the authentication method list.
client devices that associate to the access point are required to perform MAC-address authentication. For
list-name, specify the authentication method list.
Step 11
(Optional) Set the key-management type for the SSID to WPA, CCKM, or both:
bridge(config-ssid)# authentication key-management {[wpa] [cckm]} [optional]
If you use the optional keyword, client devices not configured for WPA or CCKM can use this SSID. If
you do not use the optional keyword, only WPA or CCKM client devices are allowed to use the SSID.
To enable CCKM for an SSID, you must also enable Network-EAP authentication. To enable WPA for
an SSID, you must also enable Open authentication or Network-EAP or both.
you do not use the optional keyword, only WPA or CCKM client devices are allowed to use the SSID.
To enable CCKM for an SSID, you must also enable Network-EAP authentication. To enable WPA for
an SSID, you must also enable Open authentication or Network-EAP or both.
Note
Simultaneous use of WPA and CCKM is not supported with 802.11a radios.
Before you can enable CCKM or WPA, you must set the encryption mode to a cipher suite that
includes TKIP/AES-CCMP. To enable both CCKM and WPA, you must set the encryption mode
to a cipher suite that includes TKIP.
If you enable WPA for an SSID without a pre-shared key, the key management type is WPA. If
you enable WPA with a pre-shared key, the key management type is WPA-PSK.
To support CCKM, your root device must interact with the WDS device on your network.
Step 12
To return to privileged EXEC mode, enter:
bridge(config-ssid)# exit
Step 13
(Optional) To save your entries in the configuration file, enter:
bridge# copy running-config startup-config
Configuring Authentication Types for 2.4 WMIC Radios
To configure authentication types for SSIDs on the non-root side, in privileged EXEC mode, perform the
following steps:
following steps:
Step 1
To enter global configuration mode, enter:
bridge# configure terminal
Step 2
To create the EAP profile, enter:
bridge(config)# eap profile
profile-name-string
Step 3
To create a dot1x credentials profile and enter the dot1x credentials configuration submode, enter:
bridge(config)# dot1x credentials
profile