Cisco Cisco Aironet 3500p Access Point
4-13
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
Chapter 4 Configuring the Access Point for the First Time
Assigning Basic Settings
Express Security page encryption settings and authentication types are linked. Without VLANs,
encryption settings (WEP and ciphers) apply to an interface, such as the 2.4-GHz radio, and you cannot
use more than one encryption setting on an interface. For example, when you create an SSID with static
WEP with VLANs disabled, you cannot create additional SSIDs with WPA authentication because they
use different encryption settings. If you find that the security setting for an SSID conflicts with another
SSID, you can delete one or more SSIDs to eliminate the conflict.
encryption settings (WEP and ciphers) apply to an interface, such as the 2.4-GHz radio, and you cannot
use more than one encryption setting on an interface. For example, when you create an SSID with static
WEP with VLANs disabled, you cannot create additional SSIDs with WPA authentication because they
use different encryption settings. If you find that the security setting for an SSID conflicts with another
SSID, you can delete one or more SSIDs to eliminate the conflict.
Security Types for an SSID
Table 4-2
Security Types on Express Security Setup Page
Security Type
Description
Security Features Enabled
No Security
This is the least secure option. You
should use this option only for SSIDs
used in a public space and assign it to
a VLAN that restricts access to your
network.
should use this option only for SSIDs
used in a public space and assign it to
a VLAN that restricts access to your
network.
None.
Static WEP Key
This option is more secure than no
security. However, static WEP keys
are vulnerable to attack. If you
configure this setting, you should
consider limiting association to the
wireless device based on MAC
address (see the
security. However, static WEP keys
are vulnerable to attack. If you
configure this setting, you should
consider limiting association to the
wireless device based on MAC
address (see the
or, if your network does not
have a RADIUS server, consider
using an access point as a local
authentication server (see
using an access point as a local
authentication server (see
).
Mandatory WEP. Client devices
cannot associate using this SSID
without a WEP key that matches the
wireless device key.
cannot associate using this SSID
without a WEP key that matches the
wireless device key.