Skip to main content
Viptela is now part of Cisco.
Support
Product Documentation
Viptela Documentation

data-security

wlan interface data-security—Configure the Wi-Fi protected access (WPA) and WPA2 data protection and network access control to use for an IEEE 802.11i wireless LAN (on vEdge cellular wireless routers only).

WPA authenticates individual users on the WLAN using a username and password. WPA uses the Temporal Key Integrity Protocol (TKIP), which is based on the RC4 cipher.

WPA2 implements the NIST FIPS 140-2–compliant AES encryption algorithm along with IEEE 802.1X-based authentication, to enhance user access security over WPA. WPA2 uses the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP), which is based on the AES cipher.

Authentication is done either using preshared keys and through RADIUS authentication.

vManage Feature Template

For vEdge cellular wireless routers only:

Configuration ► Templates ► WiFi SSID

Command Hierarchy

wlan radio-band
  interface vapnumber
    data-security security

Options

Data Security Method
security
Security method to apply to wireless LAN network data. It can be one of the following:
none—No security is applied to the WLAN data. This is the default.
wpa-enterprise—Also called WPA-802.1X mode. Enable WPA security in conjunction with a RADIUS authentication server. Configure the RADIUS server to use with the radius-servers command.
wpa-personal—Also called WPA-PSK (preshared key) mode. Enable WPA security where each user enters a username and password to connect to the WLAN. Each wireless network device encrypts network traffic using a 256-bit key. Configure the password with the wpa-personal-key command.
wpa/wpa2-enterprise—Enable both WPA and WPA2 security in conjunction with a RADIUS authentication server. Configure the RADIUS server to use with the radius-servers command.
wpa/wpa2-personal—Enable both WPA and WPA2 security using only a username and password for authentication. Configure the password with the wpa-personal-key command.
wpa2-enterprise—Enable WPA2 security in conjunction with a RADIUS authentication server. Configure the RADIUS server to use with the radius-servers command.
wpa2-personal—Enable WPA2 security using only a username and password for authentication. Configure the password with the wpa-personal-key command.

Example

Configure data security on VAP interfaces 1, 2, and 3:

vEdge# show running-config wlan
wlan 5GHz
 channel 36
 interface vap0
  ssid     tb31_pm6_5ghz_vap0
  no shutdown
 !
 interface vap1
  ssid           tb31_pm6_5ghz_vap1
  data-security  wpa/wpa2-enterprise
  radius-servers tag1
  no shutdown
 !
 interface vap2
  ssid             tb31_pm6_5ghz_vap2
  data-security    wpa/wpa2-personal
  mgmt-security    optional
  wpa-personal-key $4$BES+IEZB2vcQpeEoSR4ia9JqgDsPNoHukAb8fvxAg5I=
  no shutdown
 !
 interface vap3
  ssid           tb31_pm6_5ghz_vap3
  data-security  wpa2-enterprise
  mgmt-security  optional
  radius-servers tag1
  no shutdown
 !
!

Release Information

Command introduced in Viptela Software Release 16.3.​

  • Was this article helpful?