Cisco Systems OL-29225-01 Film Camera User Manual


 
4-12
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
Chapter 4 Configuring the Access Point for the First Time
Assigning Basic Settings
Using VLANs
If you use VLANs on your wireless LAN and assign SSIDs to VLANs, you can create multiple SSIDs
using any of the four security settings on the Express Security page. However, if you do not use VLANs
on your wireless LAN, the security options that you can assign to SSIDs are limited because on the
Express Security page encryption settings and authentication types are linked. Without VLANs,
encryption settings (WEP and ciphers) apply to an interface, such as the 2.4-GHz radio, and you cannot
use more than one encryption setting on an interface. For example, when you create an SSID with static
WEP with VLANs disabled, you cannot create additional SSIDs with WPA authentication because they
use different encryption settings. If you find that the security setting for an SSID conflicts with another
SSID, you can delete one or more SSIDs to eliminate the conflict.
Security Types for an SSID
Table 4-2 describes the four security types that you can assign to an SSID.
Table 4-2 Security Types on Express Security Setup Page
Security Type Description Security Features Enabled
No Security This is the least secure option. You
should use this option only for SSIDs
used in a public space and assign it to
a VLAN that restricts access to your
network.
None.
Static WEP Key This option is more secure than no
security. However, static WEP keys
are vulnerable to attack. If you
configure this setting, you should
consider limiting association to the
wireless device based on MAC
address (see the Chapter 16, “Using
MAC Address ACLs to Block or
Allow Client Association to the
Access Point” or, if your network
does not have a RADIUS server,
consider using an access point as a
local authentication server (see
Chapter 9, “Configuring an Access
Point as a Local Authenticator”).
Mandatory WEP. Client devices
cannot associate using this SSID
without a WEP key that matches the
wireless device key.