Enterasys Networks RBT-4102 manual 802.1x Authentication

Page 119

Security

Supported ‐ allows WPA‐enabled clients and clients only capable of supporting WEP to access the network.

WPA Key Management: You can configure WPA to work in an enterprise environment using IEEE 802.1x and a RADIUS server for user authentication. For smaller networks, you can configure WPA using a common pre‐shared key for client authentication with the access point.

WPA authentication over 802.1x sets this radio interface or VAP to the WPA enterprise mode. This mode uses IEEE 802.1x to authenticate users and to dynamically distribute encryption keys to clients.

WPA Pre‐shared Key sets this radio interface or VAP to the WPA mode for small networks. This mode uses a common password string that is manually distributed. You must configure all wireless clients associated with this radio interface or VAP with the same key. You must specify the key string under the WPA Pre‐Shared Key Type section of the Security Settings page.

Multicast Cipher Mode selects an encryption method for the global key used for multicast and broadcast traffic, which is supported by all wireless clients associated with this radio interface or VAP.

WEP specifies that communicating devices must use the same WEP key to encrypt and decrypt radio signals. WEP has many security flaws, and is not recommended for transmitting highly‐sensitive data.

TKIP provides data encryption enhancements including per‐packet key hashing (that is, changing the encryption key on each packet), a message integrity check, an extended initialization vector with sequencing rules, and a re‐keying mechanism.

AES designated by the National Institute of Standards and Technology as the successor to the Data Encryption Standard (DES) encryption algorithm.

WPA Pre‐shared Key Type specifies the WPA pre‐shared key type and the key for client authentication with this radio interface or VAP. If you use the WPA pre‐shared‐key, you must configure all wireless clients with the same key entered here to communicate with this interface or VAP.

Hexadecimal uses a key made up of a string of 64 hexadecimal numbers.

WPA Pre‐Shared Key specifies the pre‐shared key in the appropriate format for the type of key you selected: a string of 64 hexadecimal numbers, or a string of 8 to 63 alphanumeric characters.

802.1x Authentication:

Wireless clients can be authenticated for network access by checking their MAC address against the local database configured on the access point, or by using the IEEE 802.1x network access authentication protocol to look up their MAC addresses on a RADIUS server. The 802.1x protocol can also be configured to check other user credentials such as a user name and password.

802.1x Setup. IEEE 802.1x is a standard framework for network access control that uses a central RADIUS server for user authentication. This control feature prevents unauthorized access to the network by requiring an 802.1x client application to submit user credentials for authentication. The 802.1x standard uses the Extensible Authentication Protocol (EAP) to pass user credentials (either digital certificates, user names and passwords, or other) from the client to the RADIUS server. Client authentication is then verified on the RADIUS server before the access point grants client access to the network.

RoamAbout RBT-4102 Wireless Access Point Configuration Guide 4-83

Page 118 Page 120
Image 119
Page 118 Page 120
Contents Enterasys RoamAbout Page Page Enterasys Networks, Inc. Firmware License Agreement Iii Page Enterasys Networks, Inc. Software License Agreement Page General Viii Contents Snmp Index Appendix a Default Settings Appendix B TroubleshootingXii Associated Documents Purpose of This ManualIntended Audience Firmware Version SupportConvention Description Getting HelpOverview IntroductionPolicy FeaturesApplications Applications Introduction Network Configuration Network Topologies Ad Hoc Wireless LAN no Access Point or BridgeInfrastructure Wireless LAN Infrastructure Wireless LANInfrastructure Wireless LAN for Roaming Infrastructure Wireless LAN for Roaming Wireless PCsInfrastructure Wireless Bridge Infrastructure Wireless BridgeNetwork Topologies Network Configuration Required Connections Initial Setup Using the CLILogging Enter no ip dhcp to disable Dhcp Using Web Management Initial Setup Using the CLI ```` Initial Setup Using the CLI Initial Setup Using the CLI Initial Setup Using the CLI Initial Setup Using the CLI Using the Command Line Interface CLI Using the Web InterfaceSnmp Identification Using Web Management to Configure System InformationSG Singapore Using the CLI to Configure System InformationEnabled DisabledTCP / IP Settings Using Web Management to Configure TCP/IP TCP / IP Settings TCP/IP Configuration Using the CLI to Configure TCP/IPEthernet Settings Configuration SSH ConfigurationTCP / IP Settings Radius Using Web Management to Configure Radius Radius Attributes Radius Accounting Attribute Description Using the CLI to Configure Radius Authentication Using Web Management to Configure Authentication Allowed Using the CLI to Configure AuthenticationLocal Filter Control and VLANs Using Web Management to Configure Filter Control and VLANsFilter Control and VLANs CLI Commands for Vlan Support Using the CLI to Configure Filter Control and VLANsFilter Control and VLANs CLI Commands for Filtering SVP Commands Using Web Management to Configure CDP CDP SettingsCDP Settings Using the CLI to Configure CDP Rogue AP Detection Using Web Management to Configure Rogue AP DetectionUsing the CLI to Configure Rogue AP Detection TT5 SsidSnmp Using Web Management to Configure SnmpSnmp Notifications Description Snmp Notifications Security Level Snmp Targets CLI Commands for Snmp Using the CLI to Configure SnmpTPS CLI Commands for Configuring SNMPv3 Users and GroupsSnmp CLI Commands for Configuring SNMPv3 Trap Filters CLI Commands for Configuring SNMPv3 TargetsChanging the Password AdministrationUsing Web Management to Change the Password Enabling and Disabling Com Port Using the CLI to Change the PasswordUsing Web Management to Enable and Disable Com Port Using the CLI to Enable and Disable Com PortUpgrading Firmware Using Web Management to Upgrade Firmware Using the CLI to Upgrade Firmware System Log Using Web Management to Configure System LogLogging Level Descriptions Error Level Using the CLI to Configure System Log Using Web Management to Configure Sntp TAIPEI, Beijing Using the CLI to Configure SntpWDS and STP Using Web Management to Configure WDS and STP WDS and STP WDS and STP Using the CLI to Configure WDS Using the CLI to Configure STP Radio Interface Radio Signal CharacteristicsUsing Web Management to Configure Interface Radio Settings Radio SettingsVlan ID Radius Attributes Number Value Radio Interface Radio Interface Radio Interface Example Dynamic WEPAES-TKIP Not SupportedAdmission Control No Example PRE Shared KEY LongTkip RequiredAC1Background Txop Limit 0.000 ms WMM Operation Wi-Fi Multimedia WMM ConfigurationWMM Backoff Wait times Using Web Management to Configure WMMSsid SW-WDS Using the CLI to Configure WMMAntenna Admission Control No AC2Video Txop Limit Using Web Management to Configure Virtual APs Virtual APs VAPs ConfigurationRadio Interface Using the CLI to Configure Virtual APs WPA-ONLY BIT EncryptionAdmission Control No WEP SecurityUsing Web Management to Configure Security Settings Wired Equivalent Privacy WEPSecurity Page Authentication 802.1x Authentication Security Security Using the CLI to Configure WPA over 802.1X Security Using the CLI to Configure WPA Pre-Shared KeyQuality of Service AC1Background LogCwMin LogCwMax Empty Using the CLI to Configure Local MAC AuthenticationNopassword Allowed Local Nopassword AllowedSecurity Using the CLI to Configure Radius MAC Authentication Remote Using the CLI to Configure WEP Shared Key Security Shared Ssid WPATKIP-WEP Ssid ETS Using the CLI to Configure WEP over 802.1x SecurityAuthentication Parameters AES Using the CLI to Configure WPA2 SecurityWPA2-ONLY Using the CLI to Configure WPA2 Pre-Shared Key Security WPA2-PSK Status Menu Description Status InformationUsing Web Management to View AP Status Status Information SQA Using the CLI to Display AP StatusUsing Web Management to View CDP Status Using the CLI to Display CDP Status Using Web Management to View Station Status Status Information Using Web Management to View Neighbor AP Detection Status DEMOWEP1 Using the CLI to View Neighbor AP Detection StatusIbss Gtac LAB R2Using Web Management to View WDS-STP Status STP Using the CLI to View WDS-STP StatusShow bridge Child Status Show bridge linkNone Root Bridge StatusUsing Web Management to View Event Logs RoamAbout 4102#show events Using the CLI to View Event LogsOct 101551 Status Information Advanced Configuration Default Settings CDP WDS & STP VAP1 Nopassword Preamble Length Long Wireless Interface 802.11b/g Troubleshooting Steps TroubleshootingTroubleshooting Steps 80 m 264 ft Maximum Distance TablesMaximum Distance Tables Troubleshooting Index Radius MAC WDS 4-50bridge 4-52CLI Index-4
Related manuals
Manual 78 pages 58.85 Kb
Top Page Image Contents