Cisco AIR-AP1242AG-E-K9 Hardware Installation Guide - Page 47
Understanding Express Security Settings, Using VLANs, Express Security Types
View all Cisco AIR-AP1242AG-E-K9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 47 highlights
Chapter 3 Configuring the Access Point for the First Time Configuring Basic Security Settings Understanding Express Security Settings When the access point configuration is at factory defaults, the first SSID that you create by using the Express Security page overwrites the default SSID (tsunami), which has no security settings. The SSIDs that you create appear in the SSID table at the bottom of the page. You can create up to 16 SSIDs on the access point. Note In Cisco IOS Release 12.3(4)JA and later, there is no default SSID. You must configure an SSID before client devices can associate to the access point. Using VLANs If you use VLANs on your wireless LAN and assign SSIDs to VLANs, you can create multiple SSIDs by using any of the four security settings on the Express Security page. However, if you do not use VLANs on your wireless LAN, the security options that you can assign to SSIDs are limited because on the Express Security page encryption settings and authentication types are linked. Without VLANs, encryption settings (WEP and ciphers) apply to an interface, such as the radio, and you cannot use more than one encryption setting on an interface. For example, when you create an SSID with static WEP with VLANs disabled, you cannot create additional SSIDs with WPA authentication because they use different encryption settings. If you find that the security setting for an SSID conflicts with another SSID, you can delete one or more SSIDs to eliminate the conflict. If any VLANs are defined on the access point, the trunk port on the switch must be limited to allow only the VLANs defined on the access point. Express Security Types Table 3-2 describes the four security types that you can assign to an SSID. Table 3-2 Security Types on Express Security Setup Page Security Type No Security Static WEP Key Description Security Features Enabled This is the least secure option. You should use this option only for SSIDs used in a public space and assign it to a VLAN that restricts access to your network. None. This option is more secure than no security. However, static WEP keys are vulnerable to attack. If you configure this setting, you should consider limiting association to the bridge based on MAC address (refer to the Cisco IOS Software Configuration Guide for Cisco Aironet Access Points). Mandatory WEP. Client devices cannot associate using this SSID without a WEP key that matches the bridge's key. OL-4310-05 Cisco Aironet 1200 Series Access Point Hardware Installation Guide 3-11