Online Help for Cisco IOS Release 12.3(04)JA
Home
Express Set-up
Express Security
Network Map
Association
Network Interfaces
Security
Admin Access
SSID Manager
Encryption Manager
Server Manager
Local RADIUS Server
Advanced Security
Services
Wireless Services
System Software
Event Log

 

  
Security: Advanced Security
 

You can set up the access point to authenticate client devices using a combination of MAC-based and EAP authentication. When you enable this feature, client devices that associate to the access point using 802.11 open authentication first attempt MAC authentication. If MAC authentication succeeds, the client device joins the network. If the client is also using EAP authentication, it attempts to authenticate using EAP. If MAC authentication fails, the access point waits for the client device to attempt EAP authentication.

MAC Address Authentication

MAC Addresses Authenticated by

If you want the authentication to be stored on the access point, choose Local List Only and enter MAC addresses. If you want the authentication to be stored on the server, choose the Authentication Server Only option. Choose Authentication Server if not found in Local List if you want to try MAC authentication list first and then automatically try the Authentication server list. If the authentication succeeds, the client joins the network.

You are required to define at least one server and check Use for MAC Authentication on the Server Manager window if you select either Authentication Server Only or Authentication Server if not found in Local List.

MAC Authentication Client Holdoff

This feature is currently not available.

Local MAC Address List

Local List

The MAC addresses appear in the Local List. The MAC addresses remain in the management system until you remove them. To remove the MAC address from the list, select it and click Delete.

New MAC Address

If you need to enter a new MAC address, type the address with periods separating character pins. Then click Apply to put the MAC address in the management system. You must also enable MAC address authentication on the SSID Manager window. You can navigate to the Association page to verify that the preconfigured clients were associated and authenticated.

EAP Authentication

The EAP authentication designates the server as an authenticator for any EAP type, including LEAP, EAP-TLS, and EAP-MD5.

EAP Reauthentication Interval

Click Disable Reauthentication if you don't want to force reauthentication and the switching of encryption keys. If you choose to enable it, you can set the timeframe for reauthentication. Clicking Enable Reauthentication with Interval forces reauthentication and switching of encryption keys. You can also choose to enable reauthentication using the interval provided by the authentication server.

EAP Client Timeout (optional)

The amount of time the access point waits for a wireless client to reply with EAP authentication information. After the time expires, the association manager module in the access point disassociates the client.

 

See Also: Enabling and Configuring Local MAC Authentication,
Advanced Security: MAC Address Authentication,
Advanced Security: Association Access List

 

 

 
   
Copyright (c) 2005 by Cisco Systems, Inc.