6 System Configuration

CLI Commands for SSH – To enable the SSH server, use the ip ssh-server enable command from the CLI Ethernet interface configuration mode. To set the SSH server UDP port, use the ip ssh-server port command. To view the current settings, use the show system command from the CLI Exec mode (not shown in the following example).

Enterprise AP(if-ethernet)#no ip telnet-server

7-17

Enterprise AP(if-ethernet)#ip

ssh-server enable

7-16

Enterprise AP(if-ethernet)#ip

ssh-server port 1124

7-16

Enterprise

AP(if-ethernet)#exit

 

Enterprise

AP(if-ethernet)#configure

 

 

 

 

 

Authentication

Wireless clients can be authenticated for network access by checking their MAC address against the local database configured on the access point, or by using a database configured on a central RADIUS server. Alternatively, authentication can be implemented using the IEEE 802.1X network access control protocol.

A client’s MAC address provides relatively weak user authentication, since MAC addresses can be easily captured and used by another station to break into the network. Using 802.1X provides more robust user authentication using user names and passwords or digital certificates. You can configure the access point to use both MAC address and 802.1X authentication, with client station MAC authentication occurring prior to IEEE 802.1X authentication. However, it is better to choose one or the other, as appropriate.

Take note of the following points before configuring MAC address or 802.1X authentication:

Use MAC address authentication for a small network with a limited number of users. MAC addresses can be manually configured on the access point itself without the need to set up a RADIUS server, but managing a large number of MAC addresses across many access points is very cumbersome. A RADIUS server can be used to centrally manage a larger database of user MAC addresses.

Use IEEE 802.1X authentication for networks with a larger number of users and where security is the most important issue. When using 802.1X authentication, a RADIUS server is required in the wired network to centrally manage the credentials of the wireless clients. It also provides a mechanism for enhanced network security using dynamic encryption key rotation or W-Fi Protected Access (WPA).

Note: If you configure RADIUS MAC authentication together with 802.1X, RADIUS MAC address authentication is performed prior to 802.1X authentication. If RADIUS MAC authentication succeeds, then 802.1X authentication is performed. If RADIUS MAC authentication fails, 802.1X authentication is not performed.

The access point can also operate in a 802.1X supplicant mode. This enables the access point itself to be authenticated with a RADIUS server using a configured MD5 user name and password. This prevents rogue access points from gaining access to the network.

6-12

Page 58 Page 60
Page 59
Image 59
SMC Networks SMC2552W-G2-17 manual Authentication
Page 58 Page 60

SMC2552W-G2-17, SMC2552W-G2 specifications

The SMC Networks SMC2552W-G2 and SMC2552W-G2-17 are advanced wireless access points designed for a range of networking environments, offering robust features suited to both home and business applications. These devices are known for their reliable performance, making them a popular choice for those seeking to enhance network connectivity and coverage.

One of the primary features of the SMC2552W-G2 is its dual-band capability, operating on both the 2.4 GHz and 5 GHz frequency bands. This versatility allows users to take advantage of the high capacity of the 5 GHz band, which is less congested and ideal for activities that require substantial bandwidth, such as streaming and online gaming. The 2.4 GHz band, on the other hand, provides better penetration through walls and is more suitable for basic browsing and mobile device connectivity.

Another significant characteristic is the device's support for the 802.11n Wi-Fi standard, which enables data rates of up to 300 Mbps. This standard ensures a fast and stable wireless connection, facilitating a seamless online experience for multiple devices simultaneously. The integration of MIMO (Multiple Input Multiple Output) technology further enhances the performance, allowing for multiple data streams to be transmitted and received, significantly increasing throughput and range.

The SMC2552W-G2 series also boasts advanced security features, including WPA/WPA2 encryption and support for 802.1X authentication. These security protocols provide robust protection against unauthorized access and ensure that data transmitted over the network remains secure.

In terms of management, these access points offer both web-based and SNMP (Simple Network Management Protocol) interfaces, enabling users to easily configure and monitor the network settings. This user-friendly interface simplifies the process of overseeing network performance and troubleshooting issues when they arise.

The SMC2552W-G2 and SMC2552W-G2-17 are designed for easy installation, whether as stand-alone units or as part of a larger network. Their compact design allows for flexible mounting options, making them suitable for various environments.

In summary, the SMC Networks SMC2552W-G2 and SMC2552W-G2-17 provide an excellent combination of speed, security, and ease of management, making them ideal solutions for enhancing wireless connectivity in both home and office settings. Their dual-band functionality, compliance with the latest Wi-Fi standards, and comprehensive security measures ensure a reliable and efficient networking experience.
Top Page Image Contents