SMC Networks SMC2552W-G2-17 manual Configuring

Radio Interface 6

CLI Commands for WPA Over 802.1X Security – First set 802.1X to required using the 802.1X command and set the 802.1X key refresh rates. Then 802.11g interface configuration mode, use the vap command to access each VAP interface to configure other security settings.

From the VAP interface configuration mode, use the authentication command to select open system authentication and the encryption command to enable data encryption. Use the wpa-clientscommand to set WPA to be required or supported for clients. Use the wpa-modecommand to enable WPA dynamic keys over 802.1X. Set the broadcast and multicast key encryption using the multicast-ciphercommand. To view the current security settings use the show interface wireless g 0 command (not shown in example).

Configuring 802.1X

IEEE 802.1X is a standard framework for network access control that uses a central RADIUS server for user authentication. This control feature prevents unauthorized access to the network by requiring an 802.1X client application to submit user credentials for authentication. The 802.1X standard uses the Extensible Authentication Protocol (EAP) to pass user credentials (either digital certificates, user names and passwords, or other) from the client to the RADIUS server. Client authentication is then verified on the RADIUS server before the access point grants client access to the network.

The 802.1X EAP packets are also used to pass dynamic unicast session keys and static broadcast keys to wireless clients. Session keys are unique to each client and are used to encrypt and correlate traffic passing between a specific client and the access point. You can also enable broadcast key rotation, so the access point provides a dynamic broadcast key and changes it at a specified interval.

6-79