Configuring AAA for Network Users

Assigning Encryption Types to Wireless Users

When a user turns on a wireless laptop or PDA, the device attempts to find an access point and form an association with it. Because AP access ports support the encryption of wireless traffic, clients can choose an encryption type to use. You can configure AP access ports to use the encryption algorithms supported by the Wi-Fi Protected Access (WPA) security enhancement to the IEEE 802.11 wireless standard. (For details, see “Configuring User Encryption,” on page 191.)

If you have configured AP access ports to use specific encryption algorithms, you can enforce the type of encryption a user or group must have to access the network. When you assign the Encryption-Type attribute to a user or group, the encryption type or types are entered as an authorization attribute into the user or group record in the local WSS database or on the RADIUS server. Encryption-Type is a Nortel vendor-specific attribute (VSA).

Clients who attempt to use an unauthorized encryption method are rejected.

Assigning and Clearing Encryption Types Locally

To restrict wireless users or groups with user profiles in the local WSS database to particular encryption algorithms for accessing the network, use one of the following commands:

set user username attr encryption-type value

set usergroup groupname attr encryption-type value

set mac-user username attr encryption-type value

set mac-usergroup groupname attr encryption-type value

WSS Software supports the following values for Encryption-Type, listed from most secure to least secure. (For user encryption details, see “Configuring User Encryption,” on page 191.)

Encryption-Type Value    Encryption Algorithm Assigned

1                        Advanced Encryption Standard using Counter with Cipher Block Chaining Message Authentication Code (CBC-MAC), or AES_CCM.
2                        Reserved.
4                        Temporal Key Integrity Protocol (TKIP).
8                        Wired-Equivalent Privacy protocol using 104 bits of key strength (WEP_104). This is the default.
16                       Wired-Equivalent Privacy protocol using 40 bits of key strength (WEP_40).
32                       No encryption.
64                       Static WEP

For example, the following command restricts the MAC user group mac-fans to access the network by using only TKIP:

23x0# set mac-usergroup mac-fans attr encryption-type 4

success: change accepted.
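The following audit script is an added example, not part of the Nortel manual or WSS Software. It scans a saved configuration for the four set commands shown above, decodes each Encryption-Type value using the table, and flags assignments that permit WEP or no encryption. It assumes that multiple encryption types are expressed as the sum of the table values, and the sample configuration is constructed (only mac-fans comes from this page).

```python
import re

# Encryption-Type values from the table above (2 is reserved).
ENCRYPTION_TYPES = {
    1: "AES_CCM", 4: "TKIP", 8: "WEP_104",
    16: "WEP_40", 32: "NONE", 64: "STATIC_WEP",
}
# Audit policy assumed for this example: anything but AES_CCM or TKIP is weak.
WEAK = {"WEP_104", "WEP_40", "NONE", "STATIC_WEP"}

# Matches the four local-database commands, with an optional CLI prompt.
SET_CMD = re.compile(
    r"^\s*(?:\S+#\s+)?set\s+(user|usergroup|mac-user|mac-usergroup)\s+(\S+)"
    r"\s+attr\s+encryption-type\s+(\d+)\s*$"
)

def decode(value):
    """Return algorithm names for value (assumption: types combine by summing)."""
    unknown = value & ~sum(ENCRYPTION_TYPES)  # bits outside the table, incl. reserved 2
    if unknown or value == 0:
        raise ValueError(f"unsupported Encryption-Type value: {value}")
    return [name for bit, name in ENCRYPTION_TYPES.items() if value & bit]

def audit(config_text):
    """Return a list of (kind, name, allowed, weak) per encryption-type assignment."""
    findings = []
    for line in config_text.splitlines():
        m = SET_CMD.match(line)
        if not m:
            continue
        kind, name, value = m.group(1), m.group(2), int(m.group(3))
        allowed = decode(value)
        findings.append((kind, name, allowed, [a for a in allowed if a in WEAK]))
    return findings

# Constructed sample configuration for illustration.
SAMPLE = """\
set mac-usergroup mac-fans attr encryption-type 4
set user alice attr encryption-type 1
set usergroup legacy-scanners attr encryption-type 24
set mac-user 00:11:22:33:44:55 attr encryption-type 32
"""

if __name__ == "__main__":
    for kind, name, allowed, weak in audit(SAMPLE):
        status = "WEAK: " + ",".join(weak) if weak else "ok"
        print(f"{kind:14} {name:20} {'+'.join(allowed):16} {status}")
```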

320657-A
