3Com 3CRWEASYA73, WL-575 Wi-Fi Protected Access (WPA)

5-57

Security

Key Type – Select the preferred method of entering WEP encryption keys on the

access point and enter up to four keys:

• Hexadecimal: Enter keys as 10 hexadecimal digits (0-9 and A-F) for 64 bit

keys, 26 hexadecimal digits for 128 bit keys, or 32 hexadecimal digits for 152

bit keys (802.11a radio only). This is the default setting.

• Alphanumeric: Enter keys as 5 alphanumeric characters for 64 bit keys, 13

alphanumeric characters for 128 bit keys, or 16 alphanumeric characters for

152 bit keys (802.11a radio only).

Key – Selects the key number to use for encryption for each VAP interface. If the

clients have all four keys configured to the same values, you can change the

encryption key to any of the four settings without having to update the client

keys. (Default: Key 1)

Wi-Fi Protected Access (WPA)

WPA employs a combination of several technologies to provide an enhanced

security solution for 802.11 wireless networks.

The access point supports the following WPA components and features:

IEEE 802.1X and the Extensible Authentication Protocol

(EAP):

WPA employs

802.1X as its basic framework for user authentication and dynamic key

management. The 802.1X client and RADIUS server should use an appropriate

EAP type—such as EAP-TLS (Transport Layer Security), EAP-TTLS (Tunneled TLS), or

PEAP (Protected EAP)—for strongest authentication. Working together, these

protocols provide “mutual authentication” between a client, the access point,

and a RADIUS server that prevents users from accidentally joining a rogue

network. Only when a RADIUS server has authenticated a user’s credentials will

encryption keys be sent to the access point and client.

NOTE: Key index and type must match that configured on the clients.

NOTE: In a mixed-mode environment with clients using static WEP keys and WPA,

select WEP transmit key index 2, 3, or 4. The access point uses transmit key index

1 for the generation of dynamic keys.

NOTE: To implement WPA on wireless clients requires a WPA-enabled network

card driver and 802.1X client software that supports the EAP authentication type

that you want to use. Windows XP provides native WPA support, other systems

require additional software.

Contents

Main 3Com Corporation 350 Campus Drive Marlborough, MA 01752-3064 Contents 1 2 3 4 5 6 A B Page T Page 1 PRODUCT FEATURES R ADIO C APPROVED CHANNELS PACKAGE CHECKLIST HARDWARE DESCRIPTION INTEGRATED HIGH-GAIN ANTENNA E XTERNAL A NTENNA O ETHERNET PORT P OWER I NJECTOR M G ROUNDING P WATER TIGHT TEST POINT WALL- AND POLE-MOUNTING BRACKET KIT SYSTEM CONFIGURATION O PERATING M P OINT - TO -P OINT C P OINT - TO -M ULTIPOINT C Page Page 2 DATA RATES R ADIO P ATH P ANTENNA HEIGHT AB A NTENNA P OSITION AND O R ADIO I WEATHER CONDITIONS ETHERNET CABLING G 3 T MOUNT THE UNIT USING THE POLE-MOUNTING BRACKET Page USING THE WALL-MOUNTING BRACKET Page C ONNECT E XTERNAL A C ONNECT C ABLES TO THE U C ONNECT THE P OWER I Page C HECK THE LED I LED Color Indicates ALIGN ANTENNAS Page Page 4 N ETWORKS WITH A DHCP S NETWORKS WITHOUT A DHCP SERVER USING THE 3COM INSTALLATION CD LAUNCH THE 3COM WIRELESS INFRASTRUCTURE DEVICE MANAGER (WIDMAN) UTILITY LAUNCHING THE 3COM WIRELESS INTERFACE DEVICE MANAGER Page FIRST TIME ONLY USING THE SETUP WIZARD Page Page Page Page Page Page 5 ADVANCED SETUP 5-3 Advanced Setup SYSTEM IDENTIFICATION TCP / IP S Page Page RADIUS Page A Page Page Page Page FILTER CONTROL Page VLAN Page SNMP CONFIGURING SNMP AND TRAP MESSAGE PARAMETERS Page Page CONFIGURING SNMPV3 USERS A C HANGING THE P TELNET AND SSH SETTINGS U PGRADING F Page Page WDS AND SPANNING TREE SETTINGS Page Page Page Page SYSTEM LOG E NABLING S YSTEM L CONFIGURING SNTP RSSI Page R ADIO I 802.11A INTERFACE Configuring Radio Settings C ONFIGURING C OMMON R ADIO S Page Page Page 802.11B/G INTERFACE Page C ONFIGURING WI -FI M Page Page Page Page S 5-51 Security Tab le 5 Security Considerations NOTE: You must enable data encryption through the web in order to enable all types of encryption (WEP, TKIP, or AES) in the access point. 5-52 CHAPTER 5: SYSTEM CONFIGURATION WIRED EQUIVALENT PRIVACY (WEP) Page Page Page Wi-Fi Protected Access (WPA) Page Page Status Information Page Page Page Page L I INE OMMAND NTERFACE Telnet Connection E NTERING C Keywords and Arguments Minimum Abbreviation Command Completion Getting Help on Commands Showing Commands Partial Keyword Lookup Negating the Effect of Commands Using Command History Understanding Command Modes Exec Commands Configuration Commands Command Line Processing 6-7 Tab le 8 Keystroke Commands C OMMAND G Tab le 9 Command Groups The system commands can be broken down into the functional groups shown below. General Commands Page Page Page Page 6-13 System Management Commands Tab le 11 System Management Commands 6-14 Tab le 12 Country Codes Page Page Page Page Page Page Page Page Page Page Page 6-26 Page 6-28 6-29 6-30 6-31 6-32 show hardware This command displays the hardware version of the system. Command Mode Example Tab le 13 System Loggign Commands System Logging Commands These commands are used to configure system logging on the access point. Page Page Page Page System Clock Commands Page Page Page Page DHCP Relay Commands Page 6-44 Command Mode Example Tab le 16 SNMP Commands SNMP Commands Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page 6-60 show snmp This command displays the SNMP configuration settings. Command Mode Flash/File Commands Page Page Page RADIUS Client Page Page Page Page Page 802.1X Authentication Page Page Page Page Page Page MAC Address Authentication Page Page Page Filtering Commands Page Page Page Page Page 6-88 WDS Bridge Commands Tab le 22 WDS Bridge Commands Page Page Page Page Page Page Page 6-96 Page 6-98 Spanning Tree Commands Page Page Page Page Page Ethernet Interface Commands Page Page Page Page Page 6-111 Wireless Interface Commands Tab le 25 Wireless Interface Commands Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page 6-130 6-131 6-132 Rogue AP Detection Commands Page Page Page Page Page 6-139 show rogue-ap This command displays the current rogue AP database. Command Mode Example Tab le 27 Wireless Security Commands Wireless Security Commands Page Page Page Page Page Page Page Page Page Page Link Integrity Commands Page Page IAPP Commands VLAN Commands Page Page Page WMM Commands Page Page Page Page A Page Page Page B T 10/100BASE-TX PIN ASSIGNMENTS B-3 STRAIGHT-THROUGH WIRING EIA/TIA568B RJ-45 Wiring Standard 10/100BASE-TXStraight-through Cable B-4 CROSSOVER WIRING EIA/TIA568B RJ-45 Wiring Standard 10/100BASE-TXCrossover Cable B-5 8-PIN DIN CONNECTOR PINOUT B-6 8-PIN DIN TO RJ-45 CABLE WIRING G Page Page Page Page Page I Numbers A B C H I L M O T U V W