Online Help for Cisco IOS Release 12.3(02)JA
     
Home
Express Set-up
Express Security
Network Map
Association
Network Interfaces
Security
Admin Access
SSID Manager
Encryption Manager
Server Manager
Advanced Security
Services
System Software
Event Log

 

  
Express Security Set-Up

Just as you use the Express Setup page to assign basic settings, you can the Express Security page to create unique SSIDs and assign one of three security types to them. The Express Security page helps you configure your basic security settings. You can use the web-browser interface's main Security page to configure more advanced security settings. Because the Express Security page is designed for simple configuration of basic security, the options available are a subset of the access point's security capabilities. Refer to the Cisco IOS Software Configuration Guide for the limitations when using the Express Security page.

SSID

When the access point configuration is at factory defaults, the first SSID that you create using the Express security page overwrites the default SSID (tsunami for access points and autoinstall for bridges), which has no security settings. The SSIDs that you create appear in the SSID table at the bottom of the page. You can create up to 16 SSIDs on the access point.

Broadcast SSID in Beacon

This setting is active only when the device is in the Root AP mode. When you broadcast the SSID, devices that do not specify an SSID can associate to the bridge when it is a root access point. This is a useful option for an SSID used by guests or by client devices in a public space. If you do not broadcast the SSID, client devices cannot associate to the access point unless their SSID matches this SSID. Only one SSID can be included in the beacon.

VLAN

If you use VLANs on your wireless LAN and assign SSIDs to VLANs, you can create multiple SSIDs using any of the four security settings on the Express Security page. However, if you do not use VLANs on your wireless LAN, the security options that you can assign to SSIDs are limited because, on the Express Security page, encryption settings and authentication types are linked. Without VLANs, encryption settings (WEP and ciphers) apply to an interface, such as the 2.4-GHz radio, and you cannot use more than one encryption setting on an interface.

No VLAN

Select this if you are not using VLANs.

Enable VLAN ID

Select this if you want to specify the virtual Ethernet LAN identification number tied to the SSID.

Native VLAN

Select this if you want this VLAN ID to be the native VLAN.

Security

You can assign four security types to an SSID.

  • No Security - This is the least secure option. You should use this option only for SSIDs used in a public space and assign it to a VLAN that restricts access to your network.
  • Static WEP Key - This option is more secure than no security. However, static WEP keys are vulnerable to attack. If you configure this setting, you should consider limiting association to the access point based on MAC address or, if your network does not have a RADIUS server, consider using an access point as a local authentication server. This security feature enables mandatory WEP. Client devices cannot associate using this SSID without a WEP key that matches the access point's key.
  • EAP Authentication - This option enables 802.1x authentication (such as LEAP, PEAP, EAP-TLS, EAP-GTC, EAP-SIM, and others) and requires you to enter the IP address and shared secret for an authentication server on your network (server authentication port 1645). Because 802.1x authentication provides dynamic encryption keys, you do not need to enter a WEP key. This security features enables mandatory 802.1x authentication. Client devices that associate using this SSID must perform 802.1 authentication.
  • WPA - Wi-Fi Protected Access (WPA) permits wireless access to users authenticated against a database through the services of an authentication server, then encrypts their IP traffic with stronger algorithms than those used in WEP. As with EAP authentication, you must enter the IP address and shared secret for an authentication server on your network (server authentication port 1645). This security feature enables mandatory WPA authentication. Client devices that associate using this SSID must be WPA-capable.

SSID Table

This table displays the SSID and the VLAN, encryption, authentication, key management options associated with it.

 

See Also: Using Express Security

 

 

 
   
Copyright (c) 2004 by Cisco Systems, Inc.