HP Client Bridge M111 manual Wireless security, Wireless protection, Key source, EAP method

Page 46

Working with the M111

Using station profiles to establish a wireless link

When this option is enabled, this profile takes priority over profiles without active scanning. The M111 attempts to connect with active profiles first before trying other profiles in the list.

 

Wireless security

 

Wireless protection

 

The M111 supports several authentication and encryption options for protection of wireless

 

transmissions. To make use of these options, the remote AP to which the M111 connects

 

must be configured appropriately. The options displayed are dependent on the Wireless

 

protection option selected.

 

 

Note

Options that need support from a RADIUS server require that the connection to the RADIUS

 

server is configured on the remote AP and not on the M111.

 

The following wireless protection options are available:

 

None: No authentication.

802.1X: This option enables support for 802.1X with or without WEP. Must be used with a RADIUS server.

WPA: This option enables support for WPA with TKIP, supporting either a RADIUS server or a pre-shared key (PSK).

WPA2: This option enables support for WPA2 with AES/CCMP, supporting either a RADIUS server or a pre-shared key (PSK).

Key source

PSK: Only available if Wireless protection is set to WPA or WPA2.

Key: The M111 uses the key you specify in the this field to generate the TKIP or AES/CCMP keys that encrypt the wireless data stream. Since this is a static key, it is not as secure as the RADIUS option. Specify a key that is between 8 and 63 alphanumeric characters in length. It is recommended that the preshared key be at least 20 characters long, and be a mix of letters and numbers. The double quote character (") should not be used.

RADIUS: The M111 obtains the Microsoft Point-to-Point Encryption (MPPE) keys from a RADIUS server (via the remote AP). This is a dynamic key that changes each time the M111 logs in and is authenticated by the AP. The MPPE key is used to generate the WEP, TKIP or AES/CCMP keys that encrypt the wireless data stream.

EAP method

Select the Extensible Authentication Protocol (EAP) authentication method the M111 will use when connecting to the AP.

PEAP version 0 / PEAP version 1: These two options have the same configuration settings. PEAP version 0 only supports MS-CHAP V2 as the inner EAP protocol. PEAP version 1 only supports EAP-GTC (generic token card) as an inner EAP protocol. Both require the use of a RADIUS server by the remote AP.

3-16

Image 46
Contents ProCurve 5400zl Switches HP ProCurve M111 Client Bridge Page HP ProCurve M111 Client Bridge Publication Number Contents Working with the M111 Field descriptions To assign a management address Resetting to factory defaults Regulatory informationViii Introduction Important terms About this guideProducts covered ConventionsCommands and program listings Example DescriptionKey features Introducing the M111 Client BridgeProfessional Installation Required Safety informationServicing Online documentation HP ProCurve Networking supportBefore contacting support Getting started Deploying the M111 Scenario 1 Connecting wired devices to a wireless networkOverview Configuration procedure Configure your computerConnect to the M111 Passwords Select Network DNSConfigure a station profile Connect the wired computers to the M111  The printer is configured with a static IP address Configure MAC cloning options Connect the wired device to the M111 Scenario 3 Connecting a serial device to a wireless network Configure the serial connection Getting started Getting started Working with the M111 802.1X certificates Certificate stores Certificate usage Management tool About passwordsStarting the management tool Customizing management tool settings Manager and Operator accountsPasswords Security policies SecurityWeb server IP address configurationAuto-refresh To configure IP addressing Radio configuration Wireless rangeWireless mode To configure the radioRestrict channels to Antenna selection Fast roaming threshold Fast roaming delta thresholdFast roaming threshold count Scan channel delayFast scan channel delay Minimum SNR thresholdTransmit power control Using station profiles to establish a wireless linkAdvanced wireless settings RTS thresholdWorking with the M111 To add or edit a station profile GeneralKey source Wireless securityWireless protection EAP methodWorking with the M111 Encryption type Quality of serviceViewing APs in the neighborhood Ap1certificate or ap2certificateAccess category Configuring Quality of Service QoSField descriptions Priority mechanisms QoS settings in a station profile802.1p Differentiated Services DiffServ Very-high, high, normal, low priorityTo define an IP QoS profile DisabledCreating IP QoS profiles Upstream DiffServ taggingProfile name Connecting serial devicesSettings Protocol Start port/ End portSerial port connector To connect a serial deviceMode Transmit timeoutIdle timeout Remote IP addressParity bit Drop wireless link when port 1 is connectedData bits Stop bitsTx kbytes DNS configurationConnection time Rx kbytesOverride dynamically assigned DNS servers DNS switch on server failureDynamically assigned DNS servers ServerHandling unsupported traffic DNS switch overEnable the Redirect unsupported traffic to option To forward unsupported trafficIP forwarding Cloning the address of a wired deviceLimitations Wireless access to the M111 when MAC cloning is active Enabling Ethernet MAC cloningSnmp agent UDP port Setting up management traffic interceptionManagement tool TCP port Select Management SnmpSnmp notifications UDP port Using filters to restrict wireless trafficEnable the Wireless traffic filters option Remote log UDP portAssigning a management address To assign a management addressSnmp V1/v2c communities AttributesV3 users Managing certificates Notification receiversInstall 802.1X Install TLS client certificatePassword 802.1X certificates802.1X Trusted CA certificates Certificate stores802.1X Manage TLS client certificates 802.1X Manage CA certificatesTrusted CA certificate store Installing a new CA certificateCA certificate import formats Certificate and private key store END CertificateSpecify the Pkcs #12 password Default installed private key/public key certificate chainsCertificate usage Changing the certificate assigned to a service About certificate warningsManual configuration file management Configuration file managementBackup configuration Restore configuration Reset configurationScheduled operations Software updates Select Install Performing an immediate software updatePerforming a scheduled update Enable Scheduled installWorking with the M111 Regulatory information Manufacturers FCC Declaration of Conformity Statement Countries of Operation & Conditions of Use Operation Using 5 GHz Channels in the European Community GHz OperationIndoor or outdoor use 1000 124, 128, 132, 136 Supported External Antennas5470 Antenna Band GHzDGT LPD Low Power Device Statement Resetting to factory defaults Using the management tool Using the Reset buttonHow it works Page Technology for better business outcomes