Authentication | 3Com WL-575, 3CRWEASYA73 guide

Authentication

The access point can also operate in a 802.1X supplicant mode. This enables the access point itself to be authenticated with a RADIUS server using a configured MD5 user name and password. This prevents rogue access points from gaining access to the network.

Take note of the following points before configuring MAC address or 802.1X authentication:

Use MAC address authentication for a small network with a limited number of users. MAC addresses can be manually configured on the access point itself without the need to set up a RADIUS server, but managing a large number of MAC addresses across many access points is very cumbersome. A RADIUS server can be used to centrally manage a larger database of user MAC addresses.

Use IEEE 802.1X authentication for networks with a larger number of users and where security is the most important issue. When using 802.1X authentication, a RADIUS server is required in the wired network to centrally manage the credentials of the wireless clients. It also provides a mechanism for enhanced network security using dynamic encryption key rotation or W-Fi Protected Access (WPA).

NOTE: If you configure RADIUS MAC authentication together with 802.1X, RADIUS MAC address authentication is performed prior to 802.1X authentication. If RADIUS MAC authentication succeeds, then 802.1X authentication is performed. If RADIUS MAC authentication fails, 802.1X authentication is not performed.

5-11

Image 59

3Com WL-575, 3CRWEASYA73 manual Authentication

Contents

User Guide 3Com Corporation 350 Campus Drive Marlborough, MA Contents Configuring Sntp Advanced Setup System IdentificationAuthentication Filter Control Configuring Snmp and Trap Message Parameters Command Line Interface Pin DIN to RJ-45 Cable Wiring B-6 Straight-Through Wiring Crossover Wiring B-4 Terminology Viii Introduction Product Features Approved Channels Radio Characteristics „ One Quick Start Guide Package Checklist External Antenna Options Hardware DescriptionIntegrated HIGH-GAIN Antenna Ethernet Port Power Injector Module Water Tight Test Point Grounding Point WALL- and POLE-MOUNTING Bracket KIT System ConfigurationOperating Modes POINT-TO-MULTIPOINT Configuration POINT-TO-POINT Configuration Beam Angle Page Bridge Link Planning Data Rates Radio Path Planning Antenna Height Miles 4.8 km 20 m 17 m 12 m Antenna Position and Orientation Weather Conditions Radio Interference Grounding Ethernet Cabling Hardware Installation Mount the Unit Testing Basic Link OperationUsing the POLE-MOUNTING Bracket Fit the edges of the V-shaped Part into the slots Using the WALL-MOUNTING Bracket Page Connect External Antennas Connect Cables to the Unit Connect the Power InjectorPage LED Check the LED Indicators Align Antennas High 11a Signal Page Networks Without a Dhcp Server Networks with a Dhcp Server Launching the 3COM Wireless Interface Device Manager Using the 3COM Installation CD Click on the Properties button to see the following screen First Time only Using the Setup Wizard Login Home page displays the Main Menu Setup Wizard Step Setup Wizard Step Setup Wizard Step Click Finish Click the OK button to complete the wizard System Configuration Advanced Setup Advanced Setup Advanced Setup System Identification TCP / IP Settings System Configuration Smart Monitor Radius Radius Authentication Authentication Authentication Authentication Authentication System Configuration Filter Control System Configuration Vlan Filter Control Vlan ID Snmp Configuring Snmp and Trap Message Parameters Snmp Trap Configuration Configuring SNMPv3 Users Configuring SNMPV3 Users Changing the Password Administration Telnet and SSH Settings Upgrading Firmware System Configuration „ IP Address IP address or host name of the Tftp server WDS and Spanning Tree Settings WDS and Spanning Tree Settings Root bridge acting as the master bridges parent WDS and Spanning Tree Settings Range Default Enabling System Logging System LOG Error Level Description Configuring Sntp Rssi Rssi Radio Interface 802.11A Interface Radio Settings a Radio Settings a and B/G Configuring Common Radio Settings System Configuration Normal Mode Turbo Mode System Configuration 802.11B/G Interface Radio Settings B/G Configuring WI-FI Multimedia Voice WMM Access CategoriesAccess Category WMM Backoff Times System Configuration Key Type See Wired Equivalent Privacy WEP Security Wi-Fi Protected Access WPA or WPA2Wireless Security Considerations MAC Radius Combination Authentication b Server Radius Wired Equivalent Privacy WEP Authentication and Encryption WPA Key Management WEP Keys Wi-Fi Protected Access WPA System Configuration WPA Configuration Settings Configuration settings for WPA are summarized below AP Status Status Information Station Status Static The client is using static WEP keys for encryption Security System Configuration Console Connection Using the Command Line InterfaceAccessing the CLI Telnet Connection Keywords and Arguments Entering Commands Showing Commands Command Modes Negating the Effect of Commands Configuration Commands Keystroke Commands Command Groups General Commands General CommandsConfigure Example Default SettingCommand Mode Related Commands Syntax Command UsageExit Ping Syntax Reset board configuration Reset Show line Show history Country System Management CommandsSystem Management Commands Country Codes Country countrycode Syntax Prompt string no prompt Prompt Syntax Username name System nameSyntax System name name no system name Username Ip ssh-server enable Password Syntax Ip ssh-server port port-number Default Setting Command ModeIp telnet-server enable Ip ssh-server port Ip http server Syntax No ip http server Default SettingIp http port Syntax Ip http port port-numberno ip http port Syntax Ip https port portnumber no ip https port Ip https port Ip https server Syntax No ip https server Default Setting Web-redirect Syntax No web-redirect Default Setting APmgmtIP multiple IPaddress subnetmask single IPaddress any APmgmtIP APmgmtUI Syntax APmgmtUI Snmp Telnet Web enable disable Snmp UI Show apmanagement US United States Show system Show version Show config Ssid PRE Shared KEY WPA PSK Enabled Dot11StationRequestFail Nocountryset Show hardware System Logging CommandsSystem Loggign Commands Logging host Syntax No logging on Default SettingLogging on Logging level Syntax No logging console Default SettingLogging console Syntax Logging facility-type type Logging facility-type Show logging Syntax Logging clear Command ModeSyntax Show logging Command Mode Logging clear Show event-log System Clock CommandsSyntax Show event-log Command Mode System Clock Commands Syntax Sntp-server ip 1 2 ip Sntp-server enableSyntax No sntp-server enable Sntp-server ip Sntp-server ip 6-38 show sntp Sntp-server date-time Syntax Sntp-server timezone hours Syntax No sntp-server daylight-saving Default SettingSntp-server daylight-saving Sntp-server timezone TAIPEI, Beijing Show sntp Dhcp Relay Commands Dhcp Relay CommandsDhcp-relay enable Syntax No dhcp-relay enable Default Setting Show dhcp-relay Dhcp-relaySyntax Dhcp-relay primary secondary ipaddress Snmp Commands Snmp Commands Displays the Snmp v3 notification filter assignments Snmp-server contact Snmp-server community Snmp-server location Snmp-server host Snmp-server enable server Snmp-server trap Hostname Name of the host. Range 1-63 characters Command Line Interface Snmp-server engine-id Syntax Snmp-server user user-name Snmp-server user Snmp-server targets Snmp-server filter Default Setting Show snmp groups Snmp-server filter-assignments Show snmp group-assignments Syntax Show snmp groups Command ModeSyntax Show snmp users Command Mode Show snmp users Show snmp filter Syntax Show snmp group-assignments Command ModeSyntax Show snmp target Command Mode Show snmp target Show snmp filter-assignments Syntax Show snmp filter-assignments Command Mode Show snmp Flash/File Commands Flash/File CommandsBootfile Syntax Bootfile filename Copy Syntax Copy ftp tftp file copy config ftp tftp Delete File information is shown below Dir Radius Client Show bootfile Syntax Radius-server secondary port portnumber Radius-server addressRadius-server port Syntax Radius-server secondary retransmit numberofretries Radius-server keySyntax Radius-server secondary key keystring Radius-server retransmit Syntax Radius-server secondary port-accounting portnumber Radius-server timeoutSyntax Radius-server secondary timeout numberofseconds Radius-server port-accounting Radius-server radius-mac-format Radius-server timeout-interim Show radius Radius-server vlan-formatSyntax Radius-server vlan-format hex ascii 802.1X Authentication Syntax 802.1x supported required no 802.1X Authentication802.1x Using the Command Line Interface Syntax 802.1x broadcast-key-refresh-rate rate 802.1x broadcast-key-refresh-rate Syntax 802.1x session-key-refresh-rate rate 802.1x session-timeout802.1x session-key-refresh-rate 802.1x-supplicant user Default802.1x-supplicant enable Show authentication MAC Address Authentication Syntax Address filter entry mac-addressallowed denied Address filter defaultSyntax Address filter default allowed denied Address filter entry Address filter default 6-79 802.1x-supplicant user Syntax Address filter delete mac-address Mac-authentication serverSyntax Mac-authentication server local remote Address filter delete Syntax Mac-authentication session-timeout minutes Filtering CommandsMac-authentication session-timeout Filter local-bridge Filtering Commands Outdoor 11a Building to Building config#filter local-bridge Filter ap-manage Syntax No filter ap-manage DefaultFilter uplink enable Syntax No filter uplink enable Default Syntax No filter ethernet-type enable Default Filter ethernet-type enable Show filters Filter ethernet-type protocol WDS Bridge Commands WDS Bridge Commands Syntax Bridge role ap repeater bridge root-bridge Bridge modeSyntax Bridge mode master slave Bridge role WDS Bridge channel-auto-sync Syntax Bridge channel-auto-sync enable disable Syntax Bridge-link child index mac-address Bridge-link parentSyntax Bridge-link parent mac-address Bridge-link child Syntax Bridge dynamic-entry age-time seconds Bridge dynamic-entry age-time Seconds Show bridge aging-time Show bridge filter-entry MAC Show bridge link Syntax Show bridge link ethernet wireless a g index Parent 00-12-34-56-78-9a Child Bridge Commands Spanning Tree CommandsBridge stp enable Bridge stp forwarding-delay Syntax No bridge stp enable Default Setting Bridge stp max-age Bridge stp hello-timeSyntax Bridge stp hello-time time No bridge stp hello-time Syntax Bridge stp prioritypriority no bridge stp priority Syntax Bridge stp max-age seconds No bridge stp max-ageBridge stp priority Syntax Bridge-link path-cost index cost Bridge-link path-cost Show bridge stp Bridge-link port-prioritySyntax Bridge-link port-priority index priority Ehternet Interface Commands Ethernet Interface CommandsSyntax Show bridge stp Command Mode Dns server Interface ethernet Ip address ip-address netmask gateway no ip address Ip address Ip dhcp Syntax No ip dhcp Default Setting Shutdown Syntax No shutdown Default SettingSpeed-duplex Syntax Speed-duplex auto 10MH 10MF 100MF 100MH Show interface ethernet Syntax Show interface ethernet Default Setting Wireless Interface Commands Wireless Interface Commands Syntax Interface wireless a g Interface wireless Syntax Speed speed VapSpeed Syntax Turbo static dynamic no turbo Turbo Syntax Multicast-data-rate speed Multicast-data-rate Syntax Channel channel auto Channel Syntax Radio-mode b g b+g Transmit-powerRadio-mode Syntax Preamble long short-or-long Default Setting +g mode Command ModePreamble Syntax Antenna control diversity left right Antenna control Syntax Antenna location indoor outdoor Antenna idSyntax Antenna id antenna-id Antenna location Syntax Beacon-interval interval Beacon-interval Syntax Dtim-period interval Dtim-period Syntax Rts-threshold threshold Fragmentation-lengthSyntax Fragmentation-length length Rts-threshold Super-a Syntax No super-a Default Setting Description Syntax No super-g Default SettingSuper-g Closed-system Syntax No closed-system Default SettingSsid Syntax Max-association count Assoc-timeout-intervalSyntax Assoc-timeout-interval minutes Max-association Syntax Auth-timeout-value minutes Auth-timeout-value Syntax Show interface wireless a g vap-id Show interface wireless 130 131 132 Show station Rogue AP Detection Commands Rogue AP Commands Rogue-ap enable Syntax No rogue-ap authenticate Default Setting Rogue-ap authenticate Rogue-ap interval Rogue-ap durationSyntax Rogue-ap duration milliseconds Rogue-ap scan Syntax Rogue-ap interval minutes 138 Show rogue-ap Wireless Security CommandsWireless Security Commands Auth 141 Encryption Syntax No encryption Default Setting Key index size type value no key index Key Key 6-143 encryption 6-142 transmit-key Transmit-keySyntax Transmit-key index Syntax Cipher-suite aes-ccmp tkip wep Cipher-suite Syntax Micmode hardware software Micmode Syntax Wpa-pre-shared-key hex passphrase-keyvalue Wpa-pre-shared-key Syntax Pmksa-lifetime minutes Pmksa-lifetime Pre-authentication Link-integrity ping-detect Link Integrity CommandsSyntax No link-integrity ping-detect Default Setting Link Integrity Commands Syntax Link-integrity ping-interval interval Link-integrity ping-hostLink-integrity ping-interval Link-integrity ethernet-detect Link-integrity ping-fail-retrySyntax Link-integrity ping-fail-retry counts Show link-integrity Iapp CommandsSyntax No link-integrity ethernet-detect Default Setting Iapp Vlan CommandsSyntax No iapp Default Vlan Commands Management-vlanid Syntax No vlan enable DefaultCommand Description Vlan Syntax Vlan-id vlan-id Vlan-id Syntax No wmm supported required WMM CommandsWMM Commands Wmm Syntax Wmm-acknowledge-policy acnumber ack noack Wmm-acknowledge-policy Wmmparam AP Access Point BSS Wireless client 161 162 Troubleshooting Page Page Page TWISTED-PAIR Cable Assignments Cables and Pinouts 10/100BASE-TX PIN Assignments STRAIGHT-THROUGH Wiring Crossover Wiring Pin DIN Ethernet Port Pinout PIN DIN Connector Pinout PIN DIN to RJ-45 Cable Wiring Glossary CSMA/CA Infrastructure Radius Virtual LAN Vlan Glossary-6 Index RTS STA