encryption.
Content 6.5 Configuring Encryption and Authentication on Lightweight Access Points 6.5.3 Configuring WPA Preshared Key For existing WLANs, choose WLANs, and then Edit, to navigate to this page. For new WLANs, create a new WLAN by choosing WLANs > New, and then click Apply to navigate to this page. This page allows you to edit the configurable parameters for a WLAN as shown in Figure :
Content 6.5 Configuring Encryption and Authentication on Lightweight Access Points 6.5.4 Configuring Web Authentication Web authentication allows users to authenticate through a web browser interface. Clients who attempt to access the WLAN using HTTP are automatically redirected to a login page. The login page is customizable for both logos and text. The maximum simultaneous authentication requests using web authentication is 21. The maximum number of local web authentication users is 2500. Web authentication is generally used for “guest” access, and you should bear in mind that client data is not secured between the client and the access point. Because there is no encryption, per-packet authentication, or message integrity check (MIC), users should use some other security mechanism after authentication. This authentication method does not protect against interception, hijacking, or packet modification. Note
Web authentication is a feature of Cisco 4400 Series Wireless LAN Controllers and Cisco Catalyst 6500 Series Wireless Services Module (WiSM). It is not a feature of Cisco 2000 Series Wireless LAN Controllers or Cisco Integrated Services Routers Wireless LAN Controller Modules. Figure summarizes these points. Configure web authentication as follows: In the Layer 3 Security area shown in Figure , check the Web Policy check box to enable the web policy. The bottom of the page will change to reflect this choice and offer the following parameters for web authentication: Note
The controller will have to reboot to load and enable the web authentication feature.
Content 6.5 Configuring Encryption and Authentication on Lightweight Access Points 6.5.5 Customizing the Web Login Page Figure shows how to customize the web login page. Choose Management > Web Login Page to navigate to this page. You can customize the content and appearance of the web login page that appears the first time a user accesses the client. The Web Login page parameters are as follows: Note
The following parameters will be displayed only if the Use External Web Authentication option is disabled.
Content 6.5 Configuring Encryption and Authentication on Lightweight Access Points 6.5.6 Configuring 802.1x Authentication Figure shows how to configure 802.1x authentication as follows: Choose 802.1x from the Layer 2 Security drop-down list under the Security Policies heading. If this is a new WLAN ID, 802.1x will be the default authentication policy. The bottom of the screen will update to show the 802.1x options with the appropriate parameters. 802.1x uses dynamic 802.11 WEP keys. The options are these: Note
802.11 standards support 40/64- and 104/128-bit keys. 128/152-bit keys are supported by 802.11i, WPA, and WPA2.
Content 6.5 Configuring Encryption and Authentication on Lightweight Access Points 6.5.7 Configuring WPA with 802.1x Figure shows how to configure WPA with 802.1x as follows: Choose WPA from the Layer 2 Security drop-down list under the Security Policies heading. Leave the Pre-Shared Key Enabled check box unchecked for WPA with dynamic keys. The authentication process will use dynamic Extensible Authentication Protocol (EAP) 802.1x authentication to a RADIUS server.
Content 6.5 Configuring Encryption and Authentication on Lightweight Access Points 6.5.8 WPA2 Figure shows how to configure WPA2 as follows: Choose WPA-2 from the Layer 2 Security drop-down list under the Security Policies heading. The security policy options and parameters at the bottom of the page are as follows: