Enterasys Networks RBT-4102 manual Security


Security

The 802.1x EAP packets are also used to pass dynamic unicast session keys and static broadcast keys to wireless clients. Session keys are unique to each client and are used to encrypt and correlate traffic passing between a specific client and the access point. You can also enable broadcast key rotation, so the access point provides a dynamic broadcast key and changes it at a specified interval.

You can enable 802.1x as optionally supported or as required to enhance the security of the wireless network.

Disable indicates that the access point does not support 802.1x authentication for any wireless client. After successful wireless association with the access point, each client is allowed to access the network.

Supported indicates that the access point supports 802.1x authentication only for clients initiating the 802.1x authentication process (that is, the access point does not initiate 802.1x authentication). For clients initiating 802.1x, only those successfully authenticated are allowed to access the network. For those clients not initiating 802.1x, access to the network is allowed after successful wireless association with the access point.

Required indicates that the access point enforces 802.1x authentication for all associated wireless clients. If 802.1x authentication is not initiated by a client, the access point will initiate authentication. Only those clients successfully authenticated with 802.1x are allowed to access the network.

When you enable 802.1x, you can also enable the broadcast and session key rotation intervals.

Broadcast Key Refresh Rate sets the interval at which the broadcast keys are refreshed for stations using 802.1x dynamic keying. (Range: 0‐1440 minutes; Default: 0 means disabled)

Session Key Refresh Rate specifies the interval at which the access point refreshes unicast session keys for associated clients. (Range: 0‐1440 minutes; Default: 0 means disabled)

802.1x Session Timeout sets the time period after which a connected client must be re‐authenticated. During the re‐authentication process of verifying the client’s credentials on the RADIUS server, the client remains connected to the network. Only if re‐authentication fails is network access blocked. Default: 60 minutes.

MAC Authentication configures how the access point uses MAC addresses to authorize wireless clients to access the network. This authentication method provides a basic level of authentication for wireless clients attempting to gain access to the network. A database of authorized MAC addresses can be stored locally on the RBT‐4102 or remotely on a central RADIUS server. (Default: Local MAC)

Local MAC indicates that the MAC address of the associating station is compared against the local database stored on the access point. Local MAC Authentication enables the local database to be set up.

RADIUS MAC specifies that the MAC address of the associating station is sent to a configured RADIUS server for authentication.

To use a RADIUS authentication server for MAC address authentication, the access point must be configured to use a RADIUS server; see RADIUS (page 4‐11).

Disable specifies that the access point does not check an associating station’s MAC address.
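The following is an added example, not taken from the Enterasys manual: it models which clients reach the network under each 802.1x mode described above and audits a set of access point settings against the ranges and behaviours this page states. The setting names (`dot1x_mode`, `broadcast_key_refresh`, `session_key_refresh`, `mac_auth`, `radius_server`) are hypothetical and are not RBT‐4102 CLI keywords.

```python
# Added example: setting names are hypothetical, not RBT-4102 CLI keywords.
MAX_MINUTES = 1440  # upper bound of both refresh-rate ranges in the manual


def network_access(mode, client_initiates_8021x, auth_succeeds):
    """Model which associated clients reach the network in each 802.1x mode."""
    if mode == "disable":
        return True                      # association alone is enough
    if mode == "supported":
        # Only clients that start 802.1x are held to its result.
        return auth_succeeds if client_initiates_8021x else True
    if mode == "required":
        return auth_succeeds             # the AP initiates if the client does not
    raise ValueError(f"unknown 802.1x mode: {mode!r}")


def audit(cfg):
    """Return a list of findings for one access point's security settings."""
    findings = []
    mode = cfg["dot1x_mode"]
    if mode != "required":
        findings.append(f"802.1x is '{mode}': clients can gain access without it")
    for key in ("broadcast_key_refresh", "session_key_refresh"):
        minutes = cfg[key]
        if not 0 <= minutes <= MAX_MINUTES:
            findings.append(f"{key}={minutes} is outside 0-{MAX_MINUTES} minutes")
        elif minutes == 0 and mode != "disable":
            findings.append(f"{key}=0: key refresh is disabled")
    mac = cfg["mac_auth"]
    if mac == "disable" and mode != "required":
        findings.append("no MAC check and 802.1x not required: "
                        "association alone grants access")
    elif mac == "radius" and not cfg.get("radius_server"):
        findings.append("RADIUS MAC selected but no RADIUS server is configured")
    return findings


# Constructed sample settings for illustration.
SAMPLE = {"dot1x_mode": "supported", "broadcast_key_refresh": 0,
          "session_key_refresh": 30, "mac_auth": "radius", "radius_server": ""}

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
    print(network_access("supported", client_initiates_8021x=False, auth_succeeds=False))
```
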
