Online Help for Cisco IOS Release 12.2(15)JA

     
Home: Configuring/Enabling Network EAP

A bridge uses the Extensible Authentication Protocol (EAP) to interact with an EAP-compatible RADIUS server on your network to provide authentication for wireless client devices.

In order to configure Network EAP, you must first configure the SSID. Complete the following steps to configure the SSID.

  1. From the navigation menu, click Security to go to the Security Summary page.
  2. From the expanded Security menu, click SSID Manager to go to the SSID Manager page.
  3. At the VLAN list, select the VLAN to be used for this SSID. Select <NONE> if VLANs are not enabled.
  4. Under Authentication Methods Accepted, check the Network EAP check box.
  5. Click Apply to create the SSID.

Now that the SSID is configured, you must configure the encryption. Complete the following steps to configure the encryption.

  1. From the navigation menu, click Security to go to the Security Summary page.
  2. From the expanded Security menu, click Encryption Manager to go to the Encryption Manager page.
  3. From the Set Encryption Mode and Keys for VLAN drop-down menu, select the VLAN corresponding to the SSID you added above. Select <NONE> if VLANs are not enabled.
  4. Under the Encryption Mode section, click the WEP Encryption radio button to enable encryption. You can choose either Optional or Mandatory from the drop-down menu.
  5. Click Apply.

Now that encryption is configured, you must add a RADIUS server.

  1. From the navigation menu, click Security to go to the Security Summary page.
  2. From the expanded Security menu, click Server Manager to go to the Server Manager screen.
  3. In the Current Server List, select the server to be used for EAP authentication. If you need to create a new server, continue to Step 4. Otherwise, skip to Step 10.
  4. Select <NEW> from the Current Server List.
  5. Enter the server host name or IP address in the Server text field.
  6. In the Shared Secret text field, enter the shared secret used by the specified server. The secret on the bridge must match the one on the server.
  7. Enter the port number your server uses for authentication in the Authentication Port parameter. The port setting for the Cisco RADIUS server (the Access Control Server [ACS]) is 1645, and the port setting for many RADIUS servers is 1812.
  8. Check the EAP Authentication check box in the Use Server For section.
  9. Click the first Apply button to add the server.
  10. Steps 11 through 16 are optional tasks and can be skipped to expedite setup. Click the Global Properties tab. Specify the interval at which the accounting updates should be performed in the Accounting Updates Interval field.
  11. In the TACACS+ Server Timeout field, specify the number of seconds an access point waits for a reply to a TACACS+ request before resending the request.
  12. In the RADIUS Server Timeout field, specify the number of seconds an access point waits for a reply to a RADIUS request before resending the request.
  13. In the RADIUS Server Retransmit Retries field, specify the number of times the access point sends each RADIUS request to the server before giving up.
  14. If more than one RADIUS server is configured for EAP authentication, enable the Dead Server List option. Specify how long unresponsive RADIUS servers should be skipped over when the access point is attempting RADIUS server authentication. Enter this amount in the Server remains on list for text field.
  15. Click Apply in the Global Server Properties section.

Configuring advanced EAP parameters

Now that the RADIUS server is added, you can configure advanced EAP parameters. These steps are optional and can be skipped to expedite setup.

Complete the following steps to configure advanced EAP parameters.

  1. From the navigation menu, click Security to go to the Security Summary page.
  2. From the expanded Security navigation menu, click Advanced Security to go to the Advanced Security screen.
  3. Choose either the second or third option to enable authentication. These interval options set how often EAP authentication is reattempted. You can enter your own interval or use the one provided by the RADIUS server.
  4. In the EAP Client Timeout text field, enter the amount of time the access point should wait for wireless clients to respond to EAP authentication requests.
  5. Click Apply.
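
For reviewing or auditing the result from the command line, the following added example (not part of the original help page) sketches the CLI counterpart of the GUI steps above, using Cisco Aironet IOS command forms for the case where VLANs are not enabled. The SSID name, server address, shared secret, list and group names, and timer values are all placeholders chosen for illustration; confirm each command against the command reference for your release.

```ios
! Added example: every name and value below is a placeholder.
!
! RADIUS server used for EAP authentication (Server Manager page).
! 1645 is the authentication port this page gives for Cisco ACS; many servers use 1812.
aaa new-model
radius-server host 10.0.0.10 auth-port 1645 acct-port 1646 key <SHARED-SECRET>
!
! Server group and method list that tie EAP authentication to that server.
aaa group server radius rad_eap
 server 10.0.0.10 auth-port 1645 acct-port 1646
aaa authentication login eap_methods group rad_eap
!
! Optional global properties: reply timeout (seconds), retransmit retries,
! and how long an unresponsive server is skipped (IOS takes this in minutes).
radius-server timeout 5
radius-server retransmit 3
radius-server deadtime 10
!
! Radio interface: WEP mode (Encryption Manager page) and the SSID with
! Network EAP accepted (SSID Manager page).
interface Dot11Radio0
 encryption mode wep mandatory
 ssid EXAMPLE-SSID
  authentication network-eap eap_methods
 !
 ! Optional advanced EAP parameters: take the reauthentication interval
 ! from the RADIUS server, and set the EAP client timeout in seconds.
 dot1x reauth-period server
 dot1x client-timeout 30
```

Comparing the running configuration against a template like this is a quick way to confirm that the SSID accepts Network EAP, that the encryption mode is the one you intended, and that the method list points at the intended RADIUS server.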