authentication-type [eap|eap-mac|eap-psk|kerberos|mac|none]
authentication-type [eap|eap-mac|eap-psk|kerberos|mac|none]
| authentication-type | Configures a WLAN's authentication type The authentication types are: EAP, EAP-MAC, EAP-PSK, Kerberos, MAC, and none. |
| eap | Configures EAP authentication (802.1X) EAP is the de-facto standard authentication method used to provide secure authenticated access to controller managed WLANs. EAP provides mutual authentication, secured credential exchange, dynamic keying and strong encryption. 802.1X EAP can be deployed with WEP, WPA or WPA2 encryption schemes to further protect user information forwarded over controller managed WLANs. The EAP process begins when an unauthenticated supplicant (client device) tries to connect with an authenticator (in this case, the authentication server). An Access Point passes EAP packets from the client to an authentication server on the wired side of the Access Point. All other packet types are blocked until the authentication server (typically, a RADIUS server) verifies the client‘s identity. If using EAP authentication ensure that a AAA policy is mapped to the WLAN. |
| eap-mac | Configures EAP or MAC authentication depending on client. (This setting
is valid only with the None encryption type. EAP-MAC is useful when in a hotspot environment, as some clients support EAP and an administrator may want to authenticate based on just the MAC address of the device. |
| eap-psk | Configures EAP authentication or pre-shared keys depending on client
(This setting is only valid with Temporal Key Integrity Protocol
(TKIP) or Counter Mode with Cipher Block Chaining Message
Authentication Code Protocol (CCMP) encryption types. When using PSK with EAP, the controller sends a packet requesting a secure link using a pre-shared key. The controller and authenticating device must use the same authenticating algorithm and passcode during authentication. EAP-PSK is useful when transitioning from a PSK network to one that supports EAP. If using eap-psk authentication ensure that a AAA policy is mapped to the WLAN. |
| kerberos | Configures Kerberos authentication (encryption will change to WEP128 if
it‘s not already WEP128 or Keyguard) Kerberos (designed and developed by MIT) provides strong authentication for client/server applications using secret-key cryptography. Using Kerberos, a client must prove its identity to a server (and vice versa) across an insecure network connection. Once a client and server use Kerberos to validate their identity, they encrypt all communications to assure privacy and data integrity. Kerberos can only be used on the access point with 802.11b clients. Kerberos uses Network Time Protocol (NTP) for synchronizing the clocks of its Key Distribution Center (KDC) server(s). |
| mac | Configures MAC authentication (RADIUS lookup of MAC address) MAC is a device level authentication method used to augment other security schemes when legacy devices are deployed using static WEP. MAC authentication can be used for device level authentication by permitting WLAN access based on device MAC address. MAC authentication is typically used to augment WLAN security options that do not use authentication (such as static WEP, WPA-PSK and WPA2-PSK) MAC authentication can also be used to assign VLAN memberships, firewall policies and time and date restrictions. MAC authentication can only identify devices, not users. If using mac authentication ensure that an AAA policy is mapped to the WLAN. |
| none | No authentication is used or the client uses pre-shared keys |
nx9500-6C8809(config-wlan-test)#authentication-type eap
nx9500-6C8809(config-wlan-test)#show context wlan test ssid test bridging-mode tunnel encryption-type none authentication-type eap accounting syslog host 172.16.10.4 port 2 acl exceed-rate wireless-client-denied-traffic 20 disassociate nx9500-6C8809(config-wlan-test)#
| no (wlan-config-mode) | Resets the authentication mode used with this WLAN to default (none/pre-shared keys) |