Cisco Cisco Aironet 1524 Lightweight Outdoor Mesh Access Point
19
Mobile Access Router and Mesh Networks Design Guide
OL-11823-01
Security
Assigning Authentication Types to an SSID
From privileged EXEC mode, follow these steps to configure authentication types for SSIDs, such as an
AP, root bridge, or non-root bridge, on the root device:
AP, root bridge, or non-root bridge, on the root device:
Step 1
To enter global configuration mode for the router, enter:
bridge# configure terminal
Step 2
To create an SSID, enter:
bridge(config)# dot11 ssid ssid-string
The SSID can consist of up to 32 alphanumeric characters. SSIDs are case-sensitive.
Step 3
(Optional) To set the authentication type to “open” for this SSID, enter:
bridge(config-ssid)# authentication open [mac-address
list-name
[alternate]] [[optional]
eap
list-name
]
Open authentication allows any client device to authenticate and then attempt to communicate with the
WMIC.
WMIC.
Step 4
(Optional) Set the SSID's authentication type to open with MAC address authentication. The access point
forces all client devices to perform MAC-address authentication before they are allowed to join the
network. For list-name, specify the authentication method list. Use the alternate keyword to allow client
devices to join the network using either MAC or EAP authentication; clients that successfully complete
either authentication are allowed to join the network.
forces all client devices to perform MAC-address authentication before they are allowed to join the
network. For list-name, specify the authentication method list. Use the alternate keyword to allow client
devices to join the network using either MAC or EAP authentication; clients that successfully complete
either authentication are allowed to join the network.
Step 5
(Optional) Set the SSID's authentication type to open with EAP authentication. The WMIC forces all
other client devices to perform EAP authentication before they are allowed to join the network. For
list-name, specify the authentication method list. Use the optional keyword to allow client devices using
either open or EAP authentication to associate and become authenticated. This setting is used mainly by
service providers that require special client accessibility.
other client devices to perform EAP authentication before they are allowed to join the network. For
list-name, specify the authentication method list. Use the optional keyword to allow client devices using
either open or EAP authentication to associate and become authenticated. This setting is used mainly by
service providers that require special client accessibility.
Note
A root device configured for EAP authentication forces all client devices that associate to
perform EAP authentication. Client devices that do not use EAP cannot communicate with the
root device.
perform EAP authentication. Client devices that do not use EAP cannot communicate with the
root device.
For more information on method lists, refer to the following URL:
Step 6
(Optional) Use the following command to set the authentication type for the SSID to “shared key:”
bridge(config-ssid)# authentication shared [mac-address
list-name
] [eap
list-name
]
Note
Because of security flaws associated with using shared key, we recommend that you avoid using
it. You can assign shared key authentication to only one SSID.
it. You can assign shared key authentication to only one SSID.
Step 7
(Optional) Set the SSID's authentication type to shared key with MAC address authentication. For
list-name, specify the authentication method list.
list-name, specify the authentication method list.
Step 8
(Optional) Set the SSID's authentication type to shared key with EAP authentication. For list-name,
specify the authentication method list.
specify the authentication method list.