Wi-Fi Protected Access WPA | 3Com WL-575, 3CRWEASYA73 manual

Security

Key Type – Select the preferred method of entering WEP encryption keys on the access point and enter up to four keys:

•Hexadecimal: Enter keys as 10 hexadecimal digits (0-9 and A-F) for 64 bit keys, 26 hexadecimal digits for 128 bit keys, or 32 hexadecimal digits for 152 bit keys (802.11a radio only). This is the default setting.

•Alphanumeric: Enter keys as 5 alphanumeric characters for 64 bit keys, 13 alphanumeric characters for 128 bit keys, or 16 alphanumeric characters for 152 bit keys (802.11a radio only).

Key – Selects the key number to use for encryption for each VAP interface. If the clients have all four keys configured to the same values, you can change the encryption key to any of the four settings without having to update the client keys. (Default: Key 1)

NOTE: Key index and type must match that configured on the clients.

NOTE: In a mixed-mode environment with clients using static WEP keys and WPA, select WEP transmit key index 2, 3, or 4. The access point uses transmit key index 1 for the generation of dynamic keys.

Wi-Fi Protected Access (WPA)

WPA employs a combination of several technologies to provide an enhanced security solution for 802.11 wireless networks.

The access point supports the following WPA components and features:

IEEE 802.1X and the Extensible Authentication Protocol (EAP): WPA employs 802.1X as its basic framework for user authentication and dynamic key management. The 802.1X client and RADIUS server should use an appropriate EAP type—such as EAP-TLS (Transport Layer Security), EAP-TTLS (Tunneled TLS), or PEAP (Protected EAP)—for strongest authentication. Working together, these protocols provide “mutual authentication” between a client, the access point, and a RADIUS server that prevents users from accidentally joining a rogue network. Only when a RADIUS server has authenticated a user’s credentials will encryption keys be sent to the access point and client.

NOTE: To implement WPA on wireless clients requires a WPA-enabled network card driver and 802.1X client software that supports the EAP authentication type that you want to use. Windows XP provides native WPA support, other systems require additional software.

5-57

Image 105

3Com WL-575, 3CRWEASYA73 manual Wi-Fi Protected Access WPA

Contents

User Guide 3Com Corporation 350 Campus Drive Marlborough, MA Contents Authentication Filter Control Advanced Setup System IdentificationConfiguring Snmp and Trap Message Parameters Configuring Sntp Command Line Interface Pin DIN to RJ-45 Cable Wiring B-6 Straight-Through Wiring Crossover Wiring B-4 Terminology Viii Introduction Product Features Approved Channels Radio Characteristics „ One Quick Start Guide Package Checklist Hardware Description Integrated HIGH-GAIN AntennaExternal Antenna Options Ethernet Port Power Injector Module Water Tight Test Point Grounding Point System Configuration Operating ModesWALL- and POLE-MOUNTING Bracket KIT POINT-TO-MULTIPOINT Configuration POINT-TO-POINT Configuration Beam Angle Page Bridge Link Planning Data Rates Radio Path Planning Antenna Height Miles 4.8 km 20 m 17 m 12 m Antenna Position and Orientation Weather Conditions Radio Interference Grounding Ethernet Cabling Hardware Installation Testing Basic Link Operation Using the POLE-MOUNTING BracketMount the Unit Fit the edges of the V-shaped Part into the slots Using the WALL-MOUNTING Bracket Page Connect External Antennas Connect Cables to the Unit Connect the Power InjectorPage LED Check the LED Indicators Align Antennas High 11a Signal Page Networks Without a Dhcp Server Networks with a Dhcp Server Launching the 3COM Wireless Interface Device Manager Using the 3COM Installation CD Click on the Properties button to see the following screen First Time only Using the Setup Wizard Login Home page displays the Main Menu Setup Wizard Step Setup Wizard Step Setup Wizard Step Click Finish Click the OK button to complete the wizard System Configuration Advanced Setup Advanced Setup Advanced Setup System Identification TCP / IP Settings System Configuration Smart Monitor Radius Radius Authentication Authentication Authentication Authentication Authentication System Configuration Filter Control System Configuration Vlan Filter Control Vlan ID Snmp Configuring Snmp and Trap Message Parameters Snmp Trap Configuration Configuring SNMPv3 Users Configuring SNMPV3 Users Changing the Password Administration Telnet and SSH Settings Upgrading Firmware System Configuration „ IP Address IP address or host name of the Tftp server WDS and Spanning Tree Settings WDS and Spanning Tree Settings Root bridge acting as the master bridges parent WDS and Spanning Tree Settings Range Default Enabling System Logging System LOG Error Level Description Configuring Sntp Rssi Rssi Radio Interface 802.11A Interface Radio Settings a Radio Settings a and B/G Configuring Common Radio Settings System Configuration Normal Mode Turbo Mode System Configuration 802.11B/G Interface Radio Settings B/G Configuring WI-FI Multimedia Access WMM Access CategoriesCategory Voice WMM Backoff Times System Configuration Key Type See Wired Equivalent Privacy WEP Wi-Fi Protected Access WPA or WPA2 Wireless Security ConsiderationsSecurity MAC Radius Combination Authentication b Server Radius Wired Equivalent Privacy WEP Authentication and Encryption WPA Key Management WEP Keys Wi-Fi Protected Access WPA System Configuration WPA Configuration Settings Configuration settings for WPA are summarized below AP Status Status Information Station Status Static The client is using static WEP keys for encryption Security System Configuration Using the Command Line Interface Accessing the CLIConsole Connection Telnet Connection Keywords and Arguments Entering Commands Showing Commands Command Modes Negating the Effect of Commands Configuration Commands Keystroke Commands Command Groups General Commands ConfigureGeneral Commands Command Mode Default SettingRelated Commands Example Exit Command UsagePing Syntax Syntax Reset board configuration Reset Show line Show history System Management Commands System Management CommandsCountry Country Codes Country countrycode Syntax Prompt string no prompt Prompt Syntax System name name no system name System nameUsername Syntax Username name Ip ssh-server enable Password Ip telnet-server enable Default Setting Command ModeIp ssh-server port Syntax Ip ssh-server port port-number Ip http port Syntax No ip http server Default SettingSyntax Ip http port port-numberno ip http port Ip http server Syntax Ip https port portnumber no ip https port Ip https port Ip https server Syntax No ip https server Default Setting Web-redirect Syntax No web-redirect Default Setting APmgmtIP multiple IPaddress subnetmask single IPaddress any APmgmtIP APmgmtUI Syntax APmgmtUI Snmp Telnet Web enable disable Snmp UI Show apmanagement US United States Show system Show version Show config Ssid PRE Shared KEY WPA PSK Enabled Dot11StationRequestFail Nocountryset System Logging Commands System Loggign CommandsShow hardware Syntax No logging on Default Setting Logging onLogging host Syntax No logging console Default Setting Logging consoleLogging level Syntax Logging facility-type type Logging facility-type Syntax Show logging Command Mode Syntax Logging clear Command ModeLogging clear Show logging Syntax Show event-log Command Mode System Clock CommandsSystem Clock Commands Show event-log Syntax No sntp-server enable Sntp-server enableSntp-server ip Syntax Sntp-server ip 1 2 ip Sntp-server ip 6-38 show sntp Sntp-server date-time Sntp-server daylight-saving Syntax No sntp-server daylight-saving Default SettingSntp-server timezone Syntax Sntp-server timezone hours TAIPEI, Beijing Show sntp Dhcp-relay enable Dhcp Relay CommandsSyntax No dhcp-relay enable Default Setting Dhcp Relay Commands Dhcp-relay Syntax Dhcp-relay primary secondary ipaddressShow dhcp-relay Snmp Commands Snmp Commands Displays the Snmp v3 notification filter assignments Snmp-server contact Snmp-server community Snmp-server location Snmp-server host Snmp-server enable server Snmp-server trap Hostname Name of the host. Range 1-63 characters Command Line Interface Snmp-server engine-id Syntax Snmp-server user user-name Snmp-server user Snmp-server targets Snmp-server filter Default Setting Show snmp groups Snmp-server filter-assignments Syntax Show snmp users Command Mode Syntax Show snmp groups Command ModeShow snmp users Show snmp group-assignments Syntax Show snmp target Command Mode Syntax Show snmp group-assignments Command ModeShow snmp target Show snmp filter Show snmp filter-assignments Syntax Show snmp filter-assignments Command Mode Show snmp Bootfile Flash/File CommandsSyntax Bootfile filename Flash/File Commands Copy Syntax Copy ftp tftp file copy config ftp tftp Delete File information is shown below Dir Radius Client Show bootfile Radius-server address Radius-server portSyntax Radius-server secondary port portnumber Syntax Radius-server secondary key keystring Radius-server keyRadius-server retransmit Syntax Radius-server secondary retransmit numberofretries Syntax Radius-server secondary timeout numberofseconds Radius-server timeoutRadius-server port-accounting Syntax Radius-server secondary port-accounting portnumber Radius-server radius-mac-format Radius-server timeout-interim Radius-server vlan-format Syntax Radius-server vlan-format hex asciiShow radius 802.1X Authentication 802.1X Authentication 802.1xSyntax 802.1x supported required no Using the Command Line Interface Syntax 802.1x broadcast-key-refresh-rate rate 802.1x broadcast-key-refresh-rate 802.1x session-timeout 802.1x session-key-refresh-rateSyntax 802.1x session-key-refresh-rate rate Default 802.1x-supplicant enable802.1x-supplicant user Show authentication MAC Address Authentication Syntax Address filter default allowed denied Address filter defaultAddress filter entry Syntax Address filter entry mac-addressallowed denied Address filter default 6-79 802.1x-supplicant user Syntax Mac-authentication server local remote Mac-authentication serverAddress filter delete Syntax Address filter delete mac-address Filtering Commands Mac-authentication session-timeoutSyntax Mac-authentication session-timeout minutes Filter local-bridge Filtering Commands Outdoor 11a Building to Building config#filter local-bridge Filter uplink enable Syntax No filter ap-manage DefaultSyntax No filter uplink enable Default Filter ap-manage Syntax No filter ethernet-type enable Default Filter ethernet-type enable Show filters Filter ethernet-type protocol WDS Bridge Commands WDS Bridge Commands Syntax Bridge mode master slave Bridge modeBridge role WDS Syntax Bridge role ap repeater bridge root-bridge Bridge channel-auto-sync Syntax Bridge channel-auto-sync enable disable Syntax Bridge-link parent mac-address Bridge-link parentBridge-link child Syntax Bridge-link child index mac-address Syntax Bridge dynamic-entry age-time seconds Bridge dynamic-entry age-time Seconds Show bridge aging-time Show bridge filter-entry MAC Show bridge link Syntax Show bridge link ethernet wireless a g index Parent 00-12-34-56-78-9a Child Spanning Tree Commands Bridge stp enableBridge Commands Bridge stp forwarding-delay Syntax No bridge stp enable Default Setting Bridge stp hello-time Syntax Bridge stp hello-time time No bridge stp hello-timeBridge stp max-age Syntax Bridge stp max-age seconds No bridge stp max-age Bridge stp prioritySyntax Bridge stp prioritypriority no bridge stp priority Syntax Bridge-link path-cost index cost Bridge-link path-cost Bridge-link port-priority Syntax Bridge-link port-priority index priorityShow bridge stp Ethernet Interface Commands Syntax Show bridge stp Command ModeEhternet Interface Commands Dns server Interface ethernet Ip address ip-address netmask gateway no ip address Ip address Ip dhcp Syntax No ip dhcp Default Setting Speed-duplex Syntax No shutdown Default SettingSyntax Speed-duplex auto 10MH 10MF 100MF 100MH Shutdown Show interface ethernet Syntax Show interface ethernet Default Setting Wireless Interface Commands Wireless Interface Commands Syntax Interface wireless a g Interface wireless Vap SpeedSyntax Speed speed Syntax Turbo static dynamic no turbo Turbo Syntax Multicast-data-rate speed Multicast-data-rate Syntax Channel channel auto Channel Transmit-power Radio-modeSyntax Radio-mode b g b+g Default Setting +g mode Command Mode PreambleSyntax Preamble long short-or-long Syntax Antenna control diversity left right Antenna control Syntax Antenna id antenna-id Antenna idAntenna location Syntax Antenna location indoor outdoor Syntax Beacon-interval interval Beacon-interval Syntax Dtim-period interval Dtim-period Syntax Fragmentation-length length Fragmentation-lengthRts-threshold Syntax Rts-threshold threshold Super-a Syntax No super-a Default Setting Syntax No super-g Default Setting Super-gDescription Syntax No closed-system Default Setting SsidClosed-system Syntax Assoc-timeout-interval minutes Assoc-timeout-intervalMax-association Syntax Max-association count Syntax Auth-timeout-value minutes Auth-timeout-value Syntax Show interface wireless a g vap-id Show interface wireless 130 131 132 Show station Rogue AP Detection Commands Rogue AP Commands Rogue-ap enable Syntax No rogue-ap authenticate Default Setting Rogue-ap authenticate Rogue-ap duration Syntax Rogue-ap duration millisecondsRogue-ap interval Rogue-ap scan Syntax Rogue-ap interval minutes 138 Wireless Security Commands Wireless Security CommandsShow rogue-ap Auth 141 Encryption Syntax No encryption Default Setting Key index size type value no key index Key Transmit-key Syntax Transmit-key indexKey 6-143 encryption 6-142 transmit-key Syntax Cipher-suite aes-ccmp tkip wep Cipher-suite Syntax Micmode hardware software Micmode Syntax Wpa-pre-shared-key hex passphrase-keyvalue Wpa-pre-shared-key Syntax Pmksa-lifetime minutes Pmksa-lifetime Pre-authentication Syntax No link-integrity ping-detect Default Setting Link Integrity CommandsLink Integrity Commands Link-integrity ping-detect Link-integrity ping-host Link-integrity ping-intervalSyntax Link-integrity ping-interval interval Link-integrity ping-fail-retry Syntax Link-integrity ping-fail-retry countsLink-integrity ethernet-detect Iapp Commands Syntax No link-integrity ethernet-detect Default SettingShow link-integrity Vlan Commands Syntax No iapp DefaultIapp Vlan Commands Command Description Syntax No vlan enable DefaultVlan Management-vlanid Syntax Vlan-id vlan-id Vlan-id WMM Commands WMM CommandsWmm Syntax No wmm supported required Syntax Wmm-acknowledge-policy acnumber ack noack Wmm-acknowledge-policy Wmmparam AP Access Point BSS Wireless client 161 162 Troubleshooting Page Page Page TWISTED-PAIR Cable Assignments Cables and Pinouts 10/100BASE-TX PIN Assignments STRAIGHT-THROUGH Wiring Crossover Wiring Pin DIN Ethernet Port Pinout PIN DIN Connector Pinout PIN DIN to RJ-45 Cable Wiring Glossary CSMA/CA Infrastructure Radius Virtual LAN Vlan Glossary-6 Index RTS STA