3Com 3CRWEASYA73, WL-575 WIRED EQUIVALENT PRIVACY (WEP)

5-53

Security

WIRED EQUIVALENT PRIVACY (WEP)

WEP provides a basic level of security, preventing unauthorized access to the

network, and encrypting data transmitted between wireless clients and the access

point. WEP uses static shared keys (fixed-length hexadecimal or alphanumeric

strings) that are manually distributed to all clients that want to us e the network.

WEP is the security protocol initially specified in the IEEE 802.11 standard for

wireless communications. Unfortunately, WEP has been found to be seriously

flawed and cannot be recommended for a high level of network security. For

more robust wireless security, the access point provides Wi-Fi Protected Access

(WPA) for improved data encryption and user authentication.

Setting up shared keys enables the basic IEEE 802.11 Wired Equivalent Privacy

(WEP) on the access point to prevent unauthorized access to the network.

If you choose to use WEP shared keys instead of an open system, be sure to

define at least one static WEP key for user authentication and data encryption.

Also, be sure that the WEP shared keys are the same for each client in the wireless

network.

802.1x WPA-WPA2

Mixed Mode

Authentication: WPA-WPA2-mixed

Encryption: Enable

WPA Configuration: Required

Cipher Suite: TKIP

802.1x: Required

Set 802.1x key refresh and re authentication rates

Local or Disabled Ye s

WPA-WPA2 Mixed

Mode Pre-Shared Key

Authentication: WPA-WPA2-PSK-mixed

Encryption: Enable

WPA Configuration: Required

Cipher Suite: TKIP

802.1x: Disable

WPA Pre-shared Key Type: Hexadecimal or

Alphanumeric

Enter a WPA Pre-shared key

Local or Disabled No

a The configuration summary does not include the set up for MAC authentication (see page 5-10) or

RADIUS server (see page 5-8).

b The configuration of RADIUS MAC authentication together with 802.1x WPA or WPA Pre-shared

Key is not supported.

c RADIUS server required only when RADIUS MAC authentication is configured.

Client Security

Combination Configuration SummaryaMAC

Authenticationb

RADIUS

Server

NOTE: If you choose to configure RADIUS MAC authentication together with

802.1X, the RADIUS MAC address authentication occurs prior to 802.1X

authentication. Only when RADIUS MAC authentication succeeds is 802.1X

authentication performed. When RADIUS MAC authentication fail s, 802.1X

authentication is not performed.

Contents

Main 3Com Corporation 350 Campus Drive Marlborough, MA 01752-3064 Contents 1 2 3 4 5 6 A B Page T Page 1 PRODUCT FEATURES R ADIO C APPROVED CHANNELS PACKAGE CHECKLIST HARDWARE DESCRIPTION INTEGRATED HIGH-GAIN ANTENNA E XTERNAL A NTENNA O ETHERNET PORT P OWER I NJECTOR M G ROUNDING P WATER TIGHT TEST POINT WALL- AND POLE-MOUNTING BRACKET KIT SYSTEM CONFIGURATION O PERATING M P OINT - TO -P OINT C P OINT - TO -M ULTIPOINT C Page Page 2 DATA RATES R ADIO P ATH P ANTENNA HEIGHT AB A NTENNA P OSITION AND O R ADIO I WEATHER CONDITIONS ETHERNET CABLING G 3 T MOUNT THE UNIT USING THE POLE-MOUNTING BRACKET Page USING THE WALL-MOUNTING BRACKET Page C ONNECT E XTERNAL A C ONNECT C ABLES TO THE U C ONNECT THE P OWER I Page C HECK THE LED I LED Color Indicates ALIGN ANTENNAS Page Page 4 N ETWORKS WITH A DHCP S NETWORKS WITHOUT A DHCP SERVER USING THE 3COM INSTALLATION CD LAUNCH THE 3COM WIRELESS INFRASTRUCTURE DEVICE MANAGER (WIDMAN) UTILITY LAUNCHING THE 3COM WIRELESS INTERFACE DEVICE MANAGER Page FIRST TIME ONLY USING THE SETUP WIZARD Page Page Page Page Page Page 5 ADVANCED SETUP 5-3 Advanced Setup SYSTEM IDENTIFICATION TCP / IP S Page Page RADIUS Page A Page Page Page Page FILTER CONTROL Page VLAN Page SNMP CONFIGURING SNMP AND TRAP MESSAGE PARAMETERS Page Page CONFIGURING SNMPV3 USERS A C HANGING THE P TELNET AND SSH SETTINGS U PGRADING F Page Page WDS AND SPANNING TREE SETTINGS Page Page Page Page SYSTEM LOG E NABLING S YSTEM L CONFIGURING SNTP RSSI Page R ADIO I 802.11A INTERFACE Configuring Radio Settings C ONFIGURING C OMMON R ADIO S Page Page Page 802.11B/G INTERFACE Page C ONFIGURING WI -FI M Page Page Page Page S 5-51 Security Tab le 5 Security Considerations NOTE: You must enable data encryption through the web in order to enable all types of encryption (WEP, TKIP, or AES) in the access point. 5-52 CHAPTER 5: SYSTEM CONFIGURATION WIRED EQUIVALENT PRIVACY (WEP) Page Page Page Wi-Fi Protected Access (WPA) Page Page Status Information Page Page Page Page L I INE OMMAND NTERFACE Telnet Connection E NTERING C Keywords and Arguments Minimum Abbreviation Command Completion Getting Help on Commands Showing Commands Partial Keyword Lookup Negating the Effect of Commands Using Command History Understanding Command Modes Exec Commands Configuration Commands Command Line Processing 6-7 Tab le 8 Keystroke Commands C OMMAND G Tab le 9 Command Groups The system commands can be broken down into the functional groups shown below. General Commands Page Page Page Page 6-13 System Management Commands Tab le 11 System Management Commands 6-14 Tab le 12 Country Codes Page Page Page Page Page Page Page Page Page Page Page 6-26 Page 6-28 6-29 6-30 6-31 6-32 show hardware This command displays the hardware version of the system. Command Mode Example Tab le 13 System Loggign Commands System Logging Commands These commands are used to configure system logging on the access point. Page Page Page Page System Clock Commands Page Page Page Page DHCP Relay Commands Page 6-44 Command Mode Example Tab le 16 SNMP Commands SNMP Commands Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page 6-60 show snmp This command displays the SNMP configuration settings. Command Mode Flash/File Commands Page Page Page RADIUS Client Page Page Page Page Page 802.1X Authentication Page Page Page Page Page Page MAC Address Authentication Page Page Page Filtering Commands Page Page Page Page Page 6-88 WDS Bridge Commands Tab le 22 WDS Bridge Commands Page Page Page Page Page Page Page 6-96 Page 6-98 Spanning Tree Commands Page Page Page Page Page Ethernet Interface Commands Page Page Page Page Page 6-111 Wireless Interface Commands Tab le 25 Wireless Interface Commands Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page 6-130 6-131 6-132 Rogue AP Detection Commands Page Page Page Page Page 6-139 show rogue-ap This command displays the current rogue AP database. Command Mode Example Tab le 27 Wireless Security Commands Wireless Security Commands Page Page Page Page Page Page Page Page Page Page Link Integrity Commands Page Page IAPP Commands VLAN Commands Page Page Page WMM Commands Page Page Page Page A Page Page Page B T 10/100BASE-TX PIN ASSIGNMENTS B-3 STRAIGHT-THROUGH WIRING EIA/TIA568B RJ-45 Wiring Standard 10/100BASE-TXStraight-through Cable B-4 CROSSOVER WIRING EIA/TIA568B RJ-45 Wiring Standard 10/100BASE-TXCrossover Cable B-5 8-PIN DIN CONNECTOR PINOUT B-6 8-PIN DIN TO RJ-45 CABLE WIRING G Page Page Page Page Page I Numbers A B C H I L M O T U V W