Cisco Systems OL-7426-03 Network Router User Manual


 
5/26/05 Local MAC Filter
for 104-bit/128-bit keys, or 32 hexadecimal or 16 ASCII characters for 128-bit/152-bit
keys; and
- <key-index> = 1 through 4.
Dynamic WPA Keys and Encryption
Cisco Wireless LAN Controllers can only control WPA (Wi-Fi Protected Access) authorization policy
across Cisco 1000 Series lightweight access points.
Use the show wlan <wlan id> command to check the security settings of each WLAN. The
default is 802.1X with dynamic keys enabled.
If you want to configure the more-robust WPA authorization policy, turn 802.1X off:
>config wlan security 802.1X disable <wlan id>
where <wlan id> = 1 through 16.
Then configure authorization and dynamic key exchange on the 802.1X-disabled WLANs using the
following commands:
>config wlan security wpa enable <wlan id>
>config wlan security wpa encryption aes-ocb <wlan id>
>config wlan security wpa encryption tkip <wlan id>
>config wlan security wpa encryption wep <wlan id> [40/104/128]
where <wlan id> = 1 through 16, and [40/104/128] = 40/64, 104/128, or 128/156 encryption
bits (default = 104).
Use the show wlan command to verify that you have WPA enabled.
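A check for the command sequence above, written in Python as an added example (not from the Cisco manual): it lints a saved command script against the limits stated here (WLAN ids 1 through 16, WEP sizes 40/104/128, 802.1X disabled before WPA is configured). The function name, the finding messages and the sample script are constructed for illustration; flagging WEP as weak is general knowledge, not a statement from the manual.

```python
import re

# Limits from the manual text: WLAN ids 1-16, WEP sizes 40/104/128, and
# 802.1X is turned off on a WLAN before WPA is configured on it.
CMD = re.compile(r"^>?\s*config wlan security (802\.1x|wpa)\s+(.+)$", re.I)

def lint_wpa_script(text):
    """Return (line_no, message) findings for a saved command script."""
    findings, dot1x_off = [], set()
    for no, raw in enumerate(text.splitlines(), 1):
        m = CMD.match(raw.strip())
        if not m:
            continue                      # not a command this check covers
        feature, args = m.group(1).lower(), m.group(2).split()
        is_enc = args[0].lower() == "encryption"
        if is_enc:
            args = args[1:]               # -> [cipher, wlan id, optional bits]
        if len(args) < 2:
            findings.append((no, "incomplete command"))
            continue
        word, extra = args[0].lower(), args[2:]
        wlan = int(args[1]) if args[1].isdecimal() else 0
        if not 1 <= wlan <= 16:
            findings.append((no, f"WLAN id {args[1]!r} is outside 1-16"))
            continue
        if feature == "802.1x":           # track per-WLAN 802.1X state
            (dot1x_off.add if word == "disable" else dot1x_off.discard)(wlan)
            continue
        if wlan not in dot1x_off:
            findings.append((no, f"WPA configured on WLAN {wlan} before 802.1X disable"))
        if is_enc and word == "wep":
            # General knowledge, not a statement from the manual: WEP is weak.
            findings.append((no, f"WLAN {wlan} uses WEP, a weak cipher"))
            if extra and extra[0] not in ("40", "104", "128"):
                findings.append((no, f"WEP size {extra[0]!r} is not 40/104/128"))
    return findings

# Constructed sample script, not taken from a real controller.
SAMPLE = """\
>config wlan security 802.1X disable 1
>config wlan security wpa enable 1
>config wlan security wpa encryption tkip 1
>config wlan security wpa enable 2
>config wlan security wpa encryption wep 3 64
>config wlan security wpa encryption aes-ocb 17
"""

if __name__ == "__main__":
    print(*lint_wpa_script(SAMPLE), sep="\n")
```

On the sample, WLAN 1 passes, WLAN 2 and 3 are flagged for configuring WPA with 802.1X still on, and the value 64 is rejected because the command takes 40 for 40/64-bit keys.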
Layer 3 Security
IPSec
IPSec (Internet Protocol Security) supports many Layer 3 security protocols.
Use the show wlan command to show the current IPSec configuration.
Use the following command to enable IPSec on a WLAN:
>config wlan security ipsec [enable/disable] <WLAN id>
where <WLAN id> = 1 through 16.
Use the show wlan command to verify that you have IPSec enabled.
Note: One unique WEP Key Index can be applied to each WLAN. Because there are
only four <key-index> numbers, only four WLANs can be configured for Static WEP
Layer 2 encryption. Also note that some legacy clients can only access Key Index 1
through 3 but cannot access Key Index 4.
Note: WLANs are created in disabled mode; leave them disabled until you have
finished configuring them.
Note: Using Layer 3 security requires that the Cisco 4100 Series Wireless LAN
Controller be equipped with a VPN/Enhanced Security Module (Crypto Module). The
module plugs into the rear of the Cisco 4100 Series Wireless LAN Controller, and
provides the extra processing power needed for processor-intensive security
algorithms.