Cisco AP541N-A-K9 Administration Guide - Page 72

4 69 Wireless Modifying Virtual Access Point Settings Dynamic WEP Dynamic WEP mode uses IEEE 802.1X, the standard defining port-based authentication and infrastructure for doing key management. Extensible Authentication Protocol (EAP) messages are sent over an IEEE 802.11 wireless network by using a protocol called EAP Encapsulation Over LANs (EAPOL). Dynamic WEP mode provides dynamically-generated keys that are periodically refreshed. An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking (CRC) of each 802.11 frame. This mode requires the use of an external RADIUS server to authenticate users. The AP requires a RADIUS server capable of EAP, such as the Microsoft Internet Authentication Server. To work with Windows clients, the authentication server must support Protected EAP (PEAP) and MSCHAP V2. You can use any of a variety of authentication methods that the Dynamic WEP mode supports, including certificates, Kerberos, and public key authentication. You must configure the client stations to use the same authentication method the access point uses. Table 14 Dynamic WEP Field Use Global RADIUS Server Settings Description By default each VAP uses the global RADIUS settings that you define for the AP at the top of the VAP page. However, you can configure each VAP to use a different set of RADIUS servers. To use the global RADIUS server settings, make sure the check box is selected. RADIUS IP Address RADIUS IP Address 1-3 To use a separate RADIUS server for the VAP, clear the check box and enter the RADIUS server IP address and key in the following fields. Enter the address for the primary RADIUS server for this VAP. Enter up to three IPv4 addresses to use as the backup RADIUS servers for this VAP. If authentication fails with the primary server, each configured backup server is tried in sequence. Cisco AP 541N Dual-band Single-radio Access Point Quick Start Guide