Symbol Technologies WS 2000 Security-How to Configure 802.1x EAP Authentication, RIP v2, Compat

Page 56

 

Security—How to Configure 802.1x EAP Authentication

 

 

RIP v2 (v1

RIP version 2 (compatible with version 1) is an extension of RIP

compat)

v1’s capabilities, but it is still compatible with RIP version 1. RIP

 

version 2 increases the amount of packet information to provide the

 

a simple authentication mechanism to secure table updates.

 

 

RIP v2

RIP version 2 enables the use of a simple authentication

 

mechanism to secure table updates. More importantly, RIP version

 

2 supports subnet masks, a critical feature that is not available in

 

RIP version 1. This selection is not compatible with RIP version 1

 

support.

 

 

2.Select a routing direction from the RIP Direction drop-down list. Both (for both directions), Rx only (receive only) and TX only (transmit only) are available options.

3.If RIP v2 or RIP v2 (v1 compat) is the selected RIP type, the RIP v2 Authentication area of the screen becomes active. Select the type of authentication to use from the Authentication Type drop-down list. Available options are:

None

This option disables the RIP authentication.

 

 

Simple

This option enable RIP version 2’s simple authentication

 

mechanism.

 

This setting activates the Password (Simple Authentication) field.

 

 

MD5

This option enables the MD5 algorithm for data verification. MD5

 

takes as input a message of arbitrary length and produces a 128-bit

 

fingerprint. The MD5 algorithm is intended for digital signature

 

applications, in which a large file must be compressed in a secure

 

manner before being encrypted with a private (secret) key under a

 

public-key cryptographic system. The MD5 setting activates the RIP

 

v2 Authentication settings for keys (below).

 

 

4.If the Simple authentication method is selected, specify a password of up to 15 alphanumeric characters in the Password (Simple Authentication) field.

5.If the MD5 authentication method is selected, fill in the Key #1 and Key #2 fields. Type in any numeric value between 0 and 256 into the MD5 ID field. Type in any string consisting of 16 alphanumeric characters into the MD5 Auth Key field.

6.Click the OK button to return to the Routing screen.

Security—How to Configure 802.1x EAP Authentication

The IEEE 802.1x is an authentication standard that ties EAP to both wired and wireless LAN applications. EAP provides effective authentication with or without IEEE 802.1x Wired Equivalent Privacy (WEP) encryption, or with no encryption at all. EAP supports multiple authentication measures. It requires that the site have a authentication (Remote Dial-In User Service—RADIUS) server on the wired side of the Access Port. All other packet types are blocked until the authentication server verifies the client’s identity. To set up 802.1x EAP authentication:

1.Go to the Network Configuration --> Wireless --> <WLAN Name> --> <WLAN Name> Security screen.

2.Select the 802.1x EAP radio button to enable the 802.1x Extensible Authentication Protocol (EAP).

Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved

56

WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004

 

Page 55 Page 57
Image 56
Page 55 Page 57
Contents 72E-67701-01 Rev a March WS 2000 Wireless Switch VersionSystem Reference Copyright PatentsTable of Contents Chapter Advanced Configuration Chapter Field Office Example 111 Document Conventions WS 2000 Wireless Switch System Reference GuideAbout this Document Management of Access Ports Wireless LAN Wlan SecuritySystem Overview Firewall SecurityHardware Overview Technical SpecificationsPhysical Specifications Operating System OS Services Cell Controller ServicesPower Specifications Environmental SpecificationsGateway Services 802.11a Support 802.11b SupportAccess Ports Network Address Translation NAT Gateway ServicesWS 2000 Wireless Switch Firewall Layer 3 Routing Snmp Management SupportDhcp Client and Server OverviewWEP 128 104-bit Key 802.1x with Radius AuthenticationWEP 64 40-bit key 802.1x with Shared Key Authentication Kerberos AuthenticationWireless Protected Access WPA KeyGuard-MCM SupportGetting Started Overview Installing the SwitchSet up Communication to the Switch Getting Started Overview Changing the Administrator Password Configure the LAN Interface Configuring the SwitchDefining the Subnets Field DescriptionConfigure Subnets InterfacesDhcp Configuration Advanced Dhcp Settings Configure the WAN Interface Communicating with the Outside WorldSetting Up Point-to-Point over Ethernet PPPoE Communication Enable Wireless LANs WLANs ChapWireless Summary Area Configure WLANs Access Port AdoptionSubnet Configure Wlan SecurityField Description Name Setting the Authentication Method 802.1x EAP AuthenticationConfiguring WEP Encryption Setting the Encryption MethodKerberos Authentication Configuring WPA-TKIP Configure Wlan Security KeyGuard-MCM No EncryptionConfigure Access Ports Mobile Unit Access Control List ACLConfigure Access Ports Configure Subnet Access NameAccess Overview Table Access Exception AreaColor Access Type Description Green YellowProtocol Transport Description Port Used HttpTransport Description ALLAdvanced Configuration WLAN-How to Configure Advanced SettingsWLAN-Setting Default Access Port Settings WLAN-Setting Default Access Port Settings Beacon Interval Dtim PeriodSecurity Beacon WLAN-Advanced Access Port SettingsPrimary Wlan WLAN-Advanced Access Port Settings Beacon is a packet broadcast by the adopted access ports to Gateway-How to Configure Network Address Translation NAT Gateway-How to Configure Network Address Translation NAT Gateway-How to Configure the WS 2000 Firewall Always On Firewall FiltersConfigurable Firewall Filters Gateway-How to Configure Static Routes Mime Flood Attack CheckSetting the RIP Configuration Defining RoutesNo RIP RIPSecurity-How to Configure 802.1x EAP Authentication RIP v2Compat NoneSecurity-How to Configure 802.1x EAP Authentication Security-How to Configure 802.1x EAP Authentication Security-How to Configure Kerberos Authentication Security-How to Specify a Network Time Protocol NTP Server Switch Settings WS 2000 Wireless Switch LED FunctionsOverview Location DescriptionChanging the Name of the Switch Change the Location and Country Settings of the WS Location fieldHow to Restart the WS 2000 Wireless Switch Updating the WS 2000 Wireless Switch’s FirmwareChecking for and Downloading Firmware updates Performing the Firmware UpdateSystem Configuration Exporting and Importing Wireless Switch SettingsTo Export Settings to a Local File To Import or Export Settings to an FTP SiteTo Import Settings to a Local File How to Restore Default Configuration Settings Property Value Remote Administration How to Configure Snmp TrapsSetting the Snmp Version Configuration Setting Up Snmp v1/v2c Community DefinitionsSetting Up Snmp v3 Community Definitions NoAuthAuthNoPriv AuthPrivSetting Up the Access Control List Setting the Trap ConfigurationAuthentication ConfigurationTrap Trap Name Generates a Trap when… Category Cold StartSetting the Trap Configuration for Snmp v1/v2c Configure Administrator Access Setting the Trap Configuration for SnmpConfigure Management Access Access Port DescriptionAccess Port Statistics Setup AirBEAM Software AccessChanging the Administrator and Manager Passwords Statistics and LogsGeneral Access Port Information Received and Transmitted Tables Associated Mobile UnitsSubnet Statistics Received Field Description Transmitted Description FieldWAN Statistics InterfacesReceived Field Description Setting Up and Viewing the System Log Viewing the Log on the SwitchSetting Up a Log Server Retail Use Cases BackgroundPlan Configuring the System Settings Contacting the Wireless SwitchEntering the Basic System Settings Setting Access Control Subnet IP Address Range Configuring the SubnetsIP Address Plan Configuring POS Subnet For each subnetConfiguring the Printer Subnet Retail Use Cases Configuring the Cafe Subnet Retail Use Cases Configuring the WAN Interface Configuring Network Address Translation NAT Retail Use Cases Configuring the Access Ports Setting Access Port DefaultsSwitch Port Connected to Inspecting the FirewallNaming the POS Access Port Configuring the Printer Access Port Configuring the Cafe Access Port Associating the Access Ports to the WLANs Configuring the WLANs Configuring the Cafe WlanConfiguring the Printer Wlan Name PrinterConfiguring the POS Wlan For the POS WLAN, she makes the following choicesSetting Subnet Access Retail Use Cases Testing Connections Configuring the ClientsWireless Authentication Encryption Channel Client IP Address Subnet Mask Gateway PortField Office Example Plan Configuring the System Settings Entering the Basic System Settings Setting Access Control Field Office Example Configuring the LAN Configuring the Engineering LANField Office Example Field Office Example Configuring the Sales Subnet Configuring the WAN Field Office Example Setting Up Network Address Translation Field Office Example Confirm Firewall Configuration Adopting Access PortsMAC Address Location Adoption List LabelField Office Example Configuring the WLANs Security Field Office Example Wlan Field Office Example Field Office Example Field Office Example Access Port Channel Configuring Subnet Access Installing the Access Ports and Testing Appendix A. Sample Configuration File NTP menu Wlan 1 configuration set mode 1 enable Wlan 3 configuration set mode 3 disable Default 802.11 a radio configuration set reg a in/out 149 Access Port configuration LAN Dhcp configuration network Firewall configuration set syn enable Outbound 1-To-Many NAT configuration set outb map s1 Page Index FTP Snmp 802.1x EAP authentication
Top Page Image Contents