Security Configuration
This section describes the security configuration settings. The following topics are covered in this section:
• Security Configuration Window
• LEAP Configuration for a Repeater
• User Manager Configuration
• AAA Server Configuration
• WEP Key Configuration
Security Configuration Window
The conversion tool cannot access the security passwords, secret keys, and WEP keys from an access point. The access point administrator must enter these parameters to allow the conversion tool to create a complete Cisco IOS configuration. Figure 3-1 shows the Security Configuration window with the Get Security Configuration button.
Note
If the source configuration is set for Disk Storage, the Security Configuration Window is not displayed.
Figure 3-1 Security Configuration Window
Cisco does not recommend bypassing the entry of security information (by clicking Finish on the Security Configuration window and then clicking No on the message asking if you would like to configure the Security Configuration), for the following reasons:
• If you bypass the entry of security information and User Manager is disabled in your source access point, the upgraded access point will only allow you to log in using the console port.
• If you bypass the entry of security information and User Manager is enabled in your source access point, the upgraded access point might not allow you to log in. All access to the access point may be blocked (Telnet, browser, and the console port). If this occurs, you must reset the access point to defaults using the mode button (refer to the Troubleshooting section of the Cisco Aironet 1200 Series Access Point Hardware Installation Guide or the Cisco Aironet 350 Series Access Point Hardware Installation Guide).
Clicking the Get Security Configuration button enables the conversion tool to obtain security information from your access point. When your VxWorks access point is powered up, click Get Security Configuration and a message appears indicating that the conversion tool is trying to gather security information from your access point.
When the conversion tool obtains the security information, the next Security Configuration window appears (Figure 3-2) and enables you to enter the passwords, secret keys, and WEP keys for your access point. When you have entered all security parameters, click Finish and the conversion tool's main window appears displaying your new task (see Figure 1-2).
Note
The conversion tool encrypts the entered passwords, secret keys, and WEP keys for extra security.
Figure 3-2 Security Configuration Window
The Security Configuration window buttons are described in Table 3-1.
Table 3-1 Security Configuration Window Buttons
Buttons | Configuration Area | Description
Set Password | LEAP | Enables you to enter the password for each LEAP configuration entry.
Set Password | User Manager | Enables you to enter the password for each user manager entry.
Set Secret Key | AAA Server | Enables you to enter the Secret key for each AAA server entry.
Def. 11b WEP | WEP Key | Enables you to enter the WEP key for the 802.11b (2.4-GHz) radio interface. Used for non-VLAN setup.
Def. 11a WEP | WEP Key | Enables you to enter the WEP key for the 802.11a (5-GHz) radio interface. Used for non-VLAN setup. This button is not available on 350 series access points.
Set VLAN WEP | WEP Key | Enables you to set the WEP key for each VLAN configuration entry.
Back | - | Ignores any entered parameters and returns to the Device Configuration window.
Finish | - | Accepts the security configuration parameters and closes the window.
Cancel | - | Closes the window and ignores any entered configuration parameters.
Help | - | Provides online help for the window.
LEAP Configuration for a Repeater
The LEAP configuration parameters are used when the access point is configured as a repeater and is required to authenticate to a LEAP server as a client before network access is allowed. LEAP authentication requires a valid username and password. For each entry listed, you must enter the LEAP password using the Set Password button. The following fields are displayed:
• Module—identifies the radio interface.
  – 11b—indicates the 802.11b (2.4-GHz) radio interface.
  – 11a—indicates the 802.11a (5-GHz) radio interface.
• User Name—indicates the LEAP username that is used for authentication.
• Password—indicates the LEAP password that is used for authentication. You must enter this parameter using the Set Password button.
User Manager Configuration
The User Manager Configuration area of the Security Configuration window identifies the users with special access privileges to the access point. For each entry, you must enter the user's password using the Set Password button.
The following fields are displayed:
• Capabilities—indicates the user's access privileges on the access point.
  – Administrator—The user can view most system windows. To view all system windows and make changes to the system, the user must have Write capability.
  – Write—The user can change system settings. A user with Write capability also automatically has Admin capability.
  – Firmware—The user can update the access point's firmware. A user with Firmware capability also automatically has Write and Admin capabilities.
  – Identity—The user can change the access point's identity settings (IP address and SSID). A user with Ident capability also automatically has Write and Admin capabilities.
  – SNMP—Designates the username as an SNMP community name. SNMP management stations can use this SNMP community name to perform SNMP operations. The SNMP check box does not grant SNMP write capability to the user; it only designates the username as an SNMP community name.
• Name—indicates the username.
• Password—indicates the user's password. You must enter this parameter using the Set Password button.
AAA Server Configuration
The AAA Server Configuration area of the Security Configuration window lists the authentication, authorization, and accounting servers used by the access point. For each entry, you must enter the secret key by clicking the Set Secret Key button.
Note
If host names are used for RADIUS, accounting, and NTP servers, the converted Cisco IOS 350 series access points are unable to use DNS to obtain the corresponding IP addresses. Cisco recommends that you either change your VxWorks configurations to use IP addresses rather than host names for RADIUS, accounting, and NTP servers, or configure the servers after the converted access points boot up.
WEP Key Configuration
The WEP Key Configuration area of the Security Configuration window lists the VLANs defined in the access point. For each VLAN entry, you must enter the WEP keys using the Set VLAN WEP button.
When VLANs are not defined and WEP security is used on the access point, you must enter the WEP keys for the radio interfaces supported by the access point. To enter the WEP keys, click Def. 11b WEP for the 802.11b (2.4-GHz) radio and click Def. 11a WEP for the 802.11a (5-GHz) radio.
When you click the Set VLAN WEP, Def. 11b WEP, or Def. 11a WEP button, a WEP Key window (Figure 3-3) appears. You can enter up to four WEP keys and select either a 40-bit or a 128-bit key size.
Note
For 40-bit encryption, you must enter 10 hexadecimal digits; for 128-bit encryption, you must enter 26 hexadecimal digits. Hexadecimal digits include the numbers 0 through 9 and the letters A through F. The letters are not case sensitive.
The Key Size drop-down menu enables you to select 40-bit or 128-bit encryption for each WEP key. The not set option clears the WEP key. You must set one of the WEP keys as the transmit key by clicking the Transmit with Key selection box.
Note
If your access point is configured for Network-EAP as the authentication type, you must select key 1 as the transmit key.
Figure 3-3 shows the WEP Key Configuration window.
Figure 3-3 WEP Key Configuration Window
Note
The Transmit with Key selection boxes are unavailable on the VLAN WEP key window.
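The WEP key rules in this section (four key slots, 10 or 26 hexadecimal digits, one transmit key, key 1 for Network-EAP, no transmit selection on the VLAN window) can be checked on a prepared key set before it is typed into the WEP Key window. The following is an added example, not part of the conversion tool or of the original document; the function name, the dictionary layout, and the rule that the transmit key must be a key that is set are assumptions of the example.

```python
import string

# Hex digits required per key size, from the note above. A "128-bit" key is
# 26 hex digits = 104 secret bits; WEP adds a 24-bit per-packet IV to reach
# 128 (likewise 40 + 24 = 64).
HEX_DIGITS = {"40": 10, "128": 26}

def validate_wep_keys(keys, transmit_slot=None, network_eap=False, vlan=False):
    """Return a list of problems; an empty list means the set is enterable.

    keys maps slot (1-4) to (size, hex_value), size being "40", "128" or
    "not set". This representation is an assumption of the example.
    """
    problems, set_slots = [], []
    for slot, (size, value) in sorted(keys.items()):
        if slot not in (1, 2, 3, 4):
            problems.append(f"key {slot}: only key slots 1-4 exist")
        elif size == "not set":
            continue  # "not set" clears the key, nothing to check
        elif size not in HEX_DIGITS:
            problems.append(f"key {slot}: size must be 40 or 128")
        else:
            set_slots.append(slot)
            if len(value) != HEX_DIGITS[size]:
                problems.append(f"key {slot}: {size}-bit needs "
                                f"{HEX_DIGITS[size]} hex digits, got {len(value)}")
            if any(c not in string.hexdigits for c in value):
                problems.append(f"key {slot}: non-hexadecimal character")
    if vlan:
        # The VLAN WEP key window has no Transmit with Key boxes.
        if transmit_slot is not None:
            problems.append("VLAN WEP keys take no transmit key selection")
    elif set_slots:
        if transmit_slot not in set_slots:
            problems.append("transmit key must be one of the keys that are set")
        elif network_eap and transmit_slot != 1:
            problems.append("Network-EAP requires key 1 as the transmit key")
    return problems

# Constructed sample values, not real keys.
SAMPLE = {1: ("128", "0123456789abcdefABCDEF0123"), 2: ("40", "A1B2C3D4E5")}

if __name__ == "__main__":
    for issue in validate_wep_keys(SAMPLE, transmit_slot=2, network_eap=True):
        print(issue)
```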