5-11
Cisco Aironet 1300 Series Outdoor Access Point/Bridge Hardware Installation Guide
OL-5048-02
Chapter 5 Configuring the Access Point/Bridge for the First Time
Configuring Basic Security Settings
Understanding Express Security Settings
When the access point/bridge configuration is at factory defaults, the first SSID that you create by using
the Express Security page overwrites the default SSID (tsunami), which has no security settings. The
SSIDs that you create appear in the SSID table at the bottom of the page. You can create up to 16 SSIDs
on the access point/bridge.
Note
In Cisco IOS Release 12.3(4)JA, there is no default SSID and the radio is disabled by default. You must
configure an SSID and enable the radio before client devices can associate to the access point.
Using VLANs
If you use VLANs on your wireless LAN and assign SSIDs to VLANs, you can create multiple SSIDs
by using any of the four security settings on the Express Security page. However, if you do not use
VLANs on your wireless LAN, the security options that you can assign to SSIDs are limited because on
the Express Security page encryption settings and authentication types are linked. Without VLANs,
encryption settings (WEP and ciphers) apply to an interface, such as the radio, and you cannot use more
than one encryption setting on an interface. For example, when you create an SSID with static WEP with
VLANs disabled, you cannot create additional SSIDs with WPA authentication because they use
different encryption settings. If you find that the security setting for an SSID conflicts with another
SSID, you can delete one or more SSIDs to eliminate the conflict.
If any VLANs are defined on the access point/bridge, the trunk port on the switch must be limited to
allow only the VLANs defined on the access point/bridge.
Express Security Types
Table 5-2
describes the four security types that you can assign to an SSID.
Table 5-2
Security Types on Express Security Setup Page
Security Type
Description
Security Features Enabled
No Security
This is the least secure option. You should
use this option only for SSIDs used in a
public space and assign it to a VLAN that
restricts access to your network.
None.
Static WEP Key
This option is more secure than no security.
However, static WEP keys are vulnerable to
attack. If you configure this setting, you
should consider limiting association to the
bridge based on MAC address (refer to the
Cisco IOS Software Configuration Guide
for Cisco Aironet Access Points)
.
Mandatory WEP. Client devices
cannot associate using this SSID
without a WEP key that matches
the bridge
’s
key.