6: Network Settings

<configgroup name=”wlan profile” instance=”profile name”>

and

<configitem name=”security”>

WLAN Profile WPA and WPA2/IEEE802.11i Settings

WPA and WPA2/IEEE802.11i security suites are available for Infrastructure mode only.

WPA is a security standard specified by the WiFi Alliance and is a close derivative of an early draft of the IEEE802.11i specification. WEP was becoming vulnerable and finalizing the IEEE802.11i standard was still far away. WPA2 is WiFi’s subset of the broad IEEE802.11i standard to enforce better interoperability. The PremierWave XN is compliant with both WPA2 and IEEE802.11i.

Table 6-12 WLAN Profile WPA and WPA2/IEEE802.11i Settings

WLAN Profile WPA

Description

& WPA2 Settings

 

Authentication

Select the authentication method to be used.

 

PSK = Pre-Shared Key. The same key needs to be configured on both sides of

 

the connection. (On the PremierWave XN and on the Access Point.)

 

IEEE 802.1X = This authentication method communicates with a RADIUS

 

authentication server that is part of the network. The RADIUS server will match

 

the credentials sent by the PremierWave XN with an internal database.

 

 

Key

64 hexadecimal digits (32 bytes.)

 

 

IEEE 802.1X

Select the protocol to use to authenticate the WLAN client.

 

LEAP = Lightweight Extensible Authentication Protocol. A derivative of the

 

original Cisco LEAP, which was a predecessor of 802.1X. Real Cisco LEAP

 

uses a special MAC layer authentication (called Network EAP) and cannot work

 

with WPA/WPA2. The PremierWave XN uses a more generic version to be

 

compatible with other major brand WiFi equipment. The authentication back end

 

is the same.

 

EAP-TLS = Extensible Authentication Protocol - Transport Layer Security. Uses

 

the latest incarnation of the Secure Sockets Layer (SSL) standard and is the

 

most secure because it requires authentication certificates on both the network

 

side and the PremierWave XN side.

 

EAP-TTLS = Extensible Authentication Protocol - Tunneled Transport Layer

 

Security.

 

PEAP = Protected Extensible Authentication Protocol.

 

EAP-TTLSand PEAP have been developed to avoid the requirement of

 

certificates on the client side (PremierWave XN), which makes deployment more

 

cumbersome. Both make use of EAP-TLSto authenticate the server (network)

 

side and establish an encrypted tunnel. This is called the outer-authentication.

 

Then a conventional authentication method (MD5, MSCHAP, etc.) is used

 

through the tunnel to authenticate the PremierWave XN. This is called inner

 

authentication.

 

EAP-TTLSand PEAP have been developed by different consortia and vary in

 

details, of which the most visible is the supported list of inner authentications.

 

Note: When using EAP-TLS, EAP-TTLSor PEAP authority, at least one authority

 

certificate will have to be installed in the SSL configuration that is able to verify the

 

RADIUS server’s certificate. In case of EAP-TLS, also a certificate and matching

 

private key need to be configured to authenticate the PremierWave XN to the

 

RADIUS server. For more information about SSL certificates see TLS (SSL) on

 

page 92.

 

 

PremierWave XN User Guide

43

Page 42 Page 44
Page 43
Image 43
Lantronix XN manual Wlan Profile WPA and WPA2/IEEE802.11i Settings, Wlan Profile WPA Description WPA2 Settings, Key, Ieee
Page 42 Page 44
Top Page Image Contents