4-28WS5100 Series Switch System Reference Guide

across an insecure network connection. Once a MU and server prove their identity, they can encrypt all communications to assure privacy and data integrity. Kerberos can only be used on the with Motorola clients.

CAUTION: Kerberos makes no provisions for host security. Kerberos assumes it is

!running on a trusted host with an untrusted network. If host security is compromised, Kerberos is compromised as well

To configure a Kerberos authentication scheme for a WLAN:

1.Select Network > Wireless LANs from the main menu tree.

2.Select an existing WLAN from those displayed within the Configuration tab.

3.Click the Edit button.

A WLAN screen displays with the WLAN’s existing configuration. Refer to the Authentication and Encryption columns to assess the WLAN’s existing security configuration.

4.Select the Kerberos button from within the Authentication field.

NOTE: Kerberos requires at least one encryption scheme be enabled (WEP 128 or other). If neither WEP 128 or KeyGuard is enabled, WEP 128 will automatically be enabled for use with Kerberos.

5. Click the Config button to the right of the Kerberos checkbox. The Kerberos screen displays.

6.Specify a case-sensitive Realm Name (for example, MOTOROLA.COM).

The realm name is the name domain/realm name of the KDC Server. A realm name functions similarly to a DNS domain name. In theory, the realm name is arbitrary. However, in practice a Kerberos realm is named by uppercasing the DNS domain name associated with hosts in the realm.

7.Enter a Server IP Addr (IP address) for the Primary and (if necessary) Backup KDC.

Specify a numerical (non-DNS) IP address for the Primary Key Distribution Center (KDC). The KDC implements an Authentication Service and a Ticket Granting Service, whereby an authorized user is granted a ticket encrypted with the user's password. The KDC has a copy of every user password provided. Optionally, specify a numerical (non-DNS) IP address for a backup KDC. Backup KDCs are often referred to as slave servers.

8.Specify the Ports on which the Primary and Backup KDCs reside.

The default port number for Kerberos Key Distribution Centers is port 88.

Page 102
Image 102
Motorola manual 28WS5100 Series Switch System Reference Guide