3Com 3CRWEASYA73, WL-575 manual System Configuration

CHAPTER 5: SYSTEM CONFIGURATION

Temporal Key Integrity Protocol (TKIP): WPA specifies TKIP as the data encryption method to replace WEP. TKIP avoids the problems of WEP static keys by dynamically changing data encryption keys. Basically, TKIP starts with a master (temporal) key for each user session and then mathematically generates other keys to encrypt each data packet. TKIP provides further data encryption enhancements by including a message integrity check for each packet and a re-keying mechanism, which periodically changes the master key.

WPA Pre-Shared Key Mode (WPA-PSK, WPA2-PSK): For enterprise deployment, WPA requires a RADIUS authentication server to be configured on the wired network. However, for small office networks that may not have the resources to configure and maintain a RADIUS server, WPA provides a simple operating mode that uses just a pre-shared password for network access. The Pre-Shared Key mode uses a common password for user authentication that is manually entered on the access point and all wireless clients. The PSK mode uses the same TKIP packet encryption and key management as WPA in the enterprise, providing a robust and manageable alternative for small networks.
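The following is an added example, not taken from the 3Com manual. It shows how a pre-shared entry becomes the 256-bit key that both the access point and each client must hold, using the passphrase mapping defined in IEEE 802.11i (PBKDF2-HMAC-SHA1 salted with the SSID). The function names are hypothetical, and the passphrase and SSID in the demo are sample values.

```python
import hashlib
import hmac
import string

def classify_psk_entry(value: str) -> str:
    """Return 'hex' or 'passphrase' for a valid WPA-PSK entry, else raise."""
    if len(value) == 64 and all(c in string.hexdigits for c in value):
        return "hex"         # 64 hex digits: the 256-bit key entered directly
    if 8 <= len(value) <= 63 and all(32 <= ord(c) <= 126 for c in value):
        return "passphrase"  # 8-63 printable ASCII characters
    raise ValueError("PSK must be 8-63 printable ASCII chars or 64 hex digits")

def resolve_key(entry: str, ssid: str) -> bytes:
    """Turn either entry form into the 32-byte pre-shared key."""
    if classify_psk_entry(entry) == "hex":
        return bytes.fromhex(entry)
    # IEEE 802.11i passphrase mapping: the SSID is the salt, so the same
    # passphrase yields a different key on a differently named network.
    return hashlib.pbkdf2_hmac("sha1", entry.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def entries_agree(ap_entry: str, client_entry: str, ssid: str) -> bool:
    """True when the AP and client entries resolve to the same key."""
    return hmac.compare_digest(resolve_key(ap_entry, ssid),
                               resolve_key(client_entry, ssid))

if __name__ == "__main__":
    # Sample values only: passphrase "password" on an SSID named "IEEE".
    key = resolve_key("password", "IEEE")
    print("derived key:", key.hex())
    print("hex entry matches passphrase:",
          entries_agree("password", key.hex(), "IEEE"))
    print("case matters:", entries_agree("password", "Password", "IEEE"))
```

Because every client shares one entry, changing it means re-entering it on the access point and on all wireless clients.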

Mixed WPA and WEP Client Support: WPA enables the access point to indicate its supported encryption and authentication mechanisms to clients using its beacon signal. WPA-compatible clients can likewise respond to indicate their WPA support. This enables the access point to determine which clients are using WPA security and which are using legacy WEP. The access point uses TKIP unicast data encryption keys for WPA clients and WEP unicast keys for WEP clients. The global encryption key for multicast and broadcast traffic must be the same for all clients, so in this mixed mode it is restricted to a WEP key.

When access is opened to both WPA and WEP clients, no authentication is provided for the WEP clients through shared keys. To support authentication for WEP clients in this mixed mode configuration, you can use either MAC authentication or 802.1X authentication.
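The following is an added example, not taken from the 3Com manual. It parses the security information element an access point advertises in its beacon (the WPA vendor element or the 802.11i RSN element) and flags the mixed-mode case described above, where broadcast and multicast traffic falls back to a WEP key. The function names and both sample elements are constructed for illustration.

```python
import struct

CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}
WPA_OUI, RSN_OUI = bytes.fromhex("0050f2"), bytes.fromhex("000fac")

def parse_security_ie(ie: bytes) -> dict:
    """Decode one WPA (ID 0xDD) or RSN (ID 0x30) element from a beacon."""
    if len(ie) < 2 or len(ie) < 2 + ie[1]:
        raise ValueError("truncated element")
    eid, body = ie[0], ie[2:2 + ie[1]]
    if eid == 0x30:
        proto, oui = "WPA2/RSN", RSN_OUI
    elif eid == 0xDD and body[:4] == WPA_OUI + b"\x01":
        proto, oui, body = "WPA", WPA_OUI, body[4:]   # skip OUI + type
    else:
        raise ValueError("not a WPA or RSN element")

    def suite(off: int, table: dict) -> str:
        if len(body) < off + 4 or body[off:off + 3] != oui:
            raise ValueError("bad suite selector")
        return table.get(body[off + 3], f"unknown({body[off + 3]})")

    try:
        group = suite(2, CIPHERS)                     # bytes 0-1 are the version
        n = struct.unpack_from("<H", body, 6)[0]
        pairwise = [suite(8 + 4 * i, CIPHERS) for i in range(n)]
        off = 8 + 4 * n
        m = struct.unpack_from("<H", body, off)[0]
        akm = [suite(off + 2 + 4 * i, AKMS) for i in range(m)]
    except struct.error as exc:
        raise ValueError("truncated element") from exc
    return {"protocol": proto, "group": group, "pairwise": pairwise, "akm": akm}

def audit(info: dict) -> list:
    """Report where WEP is still in use on this BSS."""
    findings = []
    if info["group"].startswith("WEP"):
        findings.append("broadcast/multicast key is WEP (mixed WPA/WEP mode)")
    if any(c.startswith("WEP") for c in info["pairwise"]):
        findings.append("WEP offered as a unicast cipher")
    return findings

# Constructed samples: a mixed-mode WPA element and a WPA2 AES-CCMP element.
MIXED_WPA_IE = bytes.fromhex("dd160050f20101000050f20501000050f20201000050f202")
WPA2_CCMP_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")

if __name__ == "__main__":
    for ie in (MIXED_WPA_IE, WPA2_CCMP_IE):
        info = parse_security_ie(ie)
        print(info, audit(info) or "no WEP in use")
```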

WPA2 – WPA was introduced as an interim solution for the vulnerability of WEP pending the ratification of the IEEE 802.11i wireless security standard. In effect, the WPA security features are a subset of the 802.11i standard. WPA2 includes the now ratified 802.11i standard, but also offers backward compatibility with WPA. Therefore, WPA2 includes the same 802.1X and PSK modes of operation and support for TKIP encryption. The main differences and enhancements in WPA2 can be summarized as follows:

• Advanced Encryption Standard (AES): WPA2 uses AES Counter-Mode encryption with Cipher Block Chaining Message Authentication Code (CBC-MAC) for message integrity. The AES Counter-Mode/CBC-MAC Protocol (AES-CCMP) provides extremely robust data confidentiality using a 128-bit key. The AES-CCMP encryption cipher is specified as a standard requirement
