Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

How can I use Dynamic Encryption with MAC Authentication In WLAN?

Dear there:

Here I use MAC Authentication with a ACS in a Wireless LAN, but I didn't find any encryption options both in AP side and the client side. Is that the MAC Authentication doesn't support the Dynamic Encryption?

so, with MAC Authentication on ACS, how could I implement the Dynamic encryption on APs?

Thanks!!

1 REPLY

Re: How can I use Dynamic Encryption with MAC Authentication In

Hi,

What Aironet model & IOS version you use? Use the following guide if your AP runs on IOS.

When you used MAC authentication, you have to enable Open Authentication with EAP, but it comes with additional configuration too.

Anyway, since you’re looking at dynamic encryption, I believed the solution more or less is stated in the following url:

http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801bd035.shtml

For dynamic encryption, in the document, look under “Define Client Authentication”. You’re required to set encryption as mandatory (check the snapshot of AP). This means it will dynamically encrypt the data transmitted between client and AP.

Since you’re already using MAC Address authentication, you can combined the EAP with MAC Authentication (refer to snapshot of AP config under Step 2).

Before that, you need to generate certificate in ACS. Install this cert in your client pc (right-click, choose ‘install certificate’). Let me know of you need info on how to generate self cert in ACS.

For client configuration, under properties – Wireless Networks – create/edit your ssid setting. Under Association, make sure to enable ‘Data encryption’ and ‘The key is provided to me automatically’. Under Authentication tab, choose ‘Enable IEEE802.1x …’. Under EAP type, choose ‘Protected EAP’, then click ‘Properties’ button. Under ‘Trusted Root Certification Authorities’, look (scroll down) and select the cert you’ve just installed. Don’t forget to choose ‘Enable Fast Reconnect’.

*put all this setup under your existing SSID

Hope this helps you with your WLAN implementation.

Rgds,

AK

114
Views
0
Helpful
1
Replies