Cisco AP541N-A-K9 Administration Guide - Page 70

4 Wireless Modifying Virtual Access Point Settings IEEE 802.1X Authentication IEEE 802.1X is the standard defining port-based authentication and infrastructure for doing key management. Extensible Authentication Protocol (EAP) messages sent over an IEEE 802.11 wireless network using a protocol called EAP Encapsulation Over LANs (EAPOL). IEEE 802.1X provides dynamically-generated keys that are periodically refreshed. An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking (CRC) of each 802.11 frame. This mode requires the use of an external RADIUS server to authenticate users. The access point requires a RADIUS server capable of EAP, such as the Microsoft Internet Authentication Server. To work with Windows clients, the authentication server must support Protected EAP (PEAP) and MSCHAP V2. You can use any of a variety of authentication methods that the IEEE 802.1X mode supports, including certificates, Kerberos, and public key authentication. You must configure the client stations to use the same authentication method the access point uses. NOTE After you configure the security settings, you must click Apply to apply the changes and to save the settings. Table 13 IEEE 802.1X Field Use Global RADIUS Server Settings Description By default each VAP uses the global RADIUS settings that you define for the access point at the top of the VAP page. However, you can configure each VAP to use a different set of RADIUS servers. To use the global RADIUS server settings, make sure the check box is selected. RADIUS IP Address To use a separate RADIUS server for the VAP, clear the check box and enter the RADIUS server IP address and key in the following fields. Enter the address for the primary RADIUS server for this VAP. 67 Cisco AP 541N Dual-band Single-radio Access Point Quick Start Guide