Security | SMC Networks SMC2555W-AG specs

System Configuration

Security

The SMC2555W-AG is configured by default as an “open system,” which broadcasts a beacon signal including the configured SSID. Wireless clients can read the SSID from the beacon, and automatically reset their SSID to allow immediate connection to the nearest access point.

To improve wireless network security, you have to implement two main functions:

•Authentication: It must be verified that clients attempting to connect to the network are authorized users.

•Traffic Encryption: Data passing between the access point and clients must be protected from interception and evesdropping.

For a more secure network, the access point can implement one or a combination of the following security mechanisms:

• Wired Equivalent Privacy (WEP)		page 5-52
•	IEEE 802.1x	page 5-16
• Wireless MAC address filtering		page 5-14
•	Wi-Fi Protected Access (WPA)	page 5-57

5-50

Image 108

SMC Networks SMC2555W-AG manual Security

Contents

SMC2555W-AG Page Revision Number R02, F3.0.02 Copyright Trademarks Limited Warranty Limited Warranty Wireless 2.4 Ghz and 5 GHz Band Statements Federal Communication Commission Interference StatementFCC Radiation Exposure Statement Industry Canada Class B Japan Vcci Class B Australia/New Zealand AS/NZS EC Conformance Declaration Compliances Operation Using 5 GHz Channels in the European Community Declaration of Conformity in Languages of the European Viii Community Safety Compliance Power Cord Safety Cord set must be UL-approved and CSA certified France et Pérou uniquement Xii Xiii Xiv Table of Contents Command Line Interface Xvi Xvii Xviii Glossary Index Table of Contents Chapter Introduction Package Checklist Introduction Hardware Description Hardware DescriptionFront Panel Rear Panel LED Indicators Component DescriptionAntennas Security Slot Reset Button Console PortEthernet Port Features and Benefits Features and BenefitsPower Connector Applications Frequently changing environments System Defaults System Defaults MAC System Defaults Iapp 802.11b/g Introduction Hardware Installation Hardware Installation Attaching the Mounting Bracket Hardware Installation Hardware Installation Network Configuration Network Configuration Ad Hoc Wireless LAN no AP or BridgeNetwork Topologies Infrastructure Wireless LAN Network Topologies Infrastructure Wireless LAN for Roaming Wireless PCs Seamless Roaming Network Configuration Initial Setup through the CLI Required Connections Initial Configuration Initial Setup through the CLI Initial Configuration Steps Using the Web-based Management Setup Wizard Using the Web-based Management Setup Wizard Initial Configuration Using the Web-based Management Setup Wizard 802.11g Radio Channel Set the operating radio Using the Web-based Management Setup Wizard Initial Configuration System Configuration Advanced Configuration System Configuration Advanced Configuration System Identification Disabled TCP / IP Settings Advanced Configuration System Configuration SMC-APconfig#interface ethernet Radius Advanced Configuration Authentication fails. Range 1-30 Default SMC-APconfig#radius-server address Authentication Advanced Configuration System Configuration Advanced Configuration Local Allowed Secs Filter Control Number Radius Attribute Value Advanced Configuration Native Vlan AP Management Snmp Advanced Configuration SMC-APconfig#snmp-server host 10.1.19.23 alpha Administration Changing the Password SMC-APconfig#username bob SMC-APconfig#password smcadmin Upgrading Firmware System Configuration Advanced Configuration File Size System Log Enabling System Logging Error Level Description Configuring Sntp System Configuration Show sntp command TAIPEI, Beijing Radio Interface Radio Settings 802.11a Radio Interface Normal Mode Turbo Mode Radio Interface Enter Wireless configuration commands, one per line Enabled Radio Settings 802.11g Radio Interface SMC-APif-wireless g#select-antenna-mode right antenna Ssid Security WEP Wired Equivalent Privacy WEP Radio Interface WEP only WEP over Show interface wireless g command PRE Shared KEY Wi-Fi Protected Access WPA System Configuration Radio Interface System Configuration WPA pre-shared key only WPA over Show interface wireless a or show interface wireless g Command not shown in example Access Point Status Status InformationStatus Information System Configuration Days, 4 hours, 39 minutes Station Status True Event Logs 192.168.1.19 System Configuration Using the Command Line Interface Accessing the CLIConsole Connection Command Line Interface Telnet Connection Entering Commands Entering CommandsKeywords and Arguments Command Completion Getting Help on CommandsShowing Commands Minimum Abbreviation Partial Keyword Lookup Negating the Effect of Commands Using Command HistoryUnderstanding Command Modes Exec Commands Configuration Commands Command Line Processing Keystroke Function Entering Commands Command Groups Command Description Group General Commands General CommandsConfigure End Exit Command Usage PingSyntax Reset Syntax Reset board configurationShow history Console port settings are fixed at the values shown below Show line System Management Commands Command Function Mode System Management Commands System Clock Country Country countrycode SMC-AP#country ie Prompt System nameSyntax Prompt string no prompt Syntax System name name no system name Username Syntax Username name Password Syntax Password password no passwordIp http port Syntax Ip http port port-numberno ip http port Syntax Ip http server no ip http server Default Setting Ip http server Syntax Logging on no logging on Default Setting Logging onLogging host Syntax Logging console no logging console Default Setting Logging console Logging level Level Argument Description Default Setting Command Mode Syntax Show logging Command ModeLogging facility-type Show logging Sntp-server ip Syntax Sntp-server ip 1 2 ip Sntp-server enable Sntp-server date-time This example sets the system clock to 1737 June 19 Sntp-server daylight-saving Sntp-server timezone Show sntpSyntax Sntp-server timezone hours Show system Show version Snmp Commands Snmp CommandsSnmp-server community Snmp-server contact Syntax Snmp-server contact string no snmp-server contact Snmp-server enable server Snmp-server host No snmp-server host Snmp-server location Syntax Snmp-server location text no snmp-server location Flash/File Commands Show snmp Flash/File Commands BootfileSyntax Bootfile filename Syntax Copy ftp tftp file copy config ftp tftp Copy Delete Dir File information is shown below Radius Client Radius Client Radius-server address Radius-server portSyntax Radius-server secondary port portnumber Radius-server key Radius-server retransmitSyntax Radius-server secondary key keystring Syntax Radius-server secondary retransmit numberofretries Radius-server timeout Syntax Radius-server secondary timeout numberofseconds Show radius 802.1x Port Authentication 802.1x Port Authentication 802.1xSyntax 802.1x supported required no 802.1x broadcast-key-refresh-rate Syntax 802.1x broadcast-key-refresh-rate rate 802.1x session-key-refresh-rate Syntax 802.1x session-key-refresh-rate rate 802.1x session-timeout Address filter defaultDefault Syntax Address filter default allowed denied Address filter entry Syntax Address filter entry mac-addressallowed denied Address filter delete Syntax Address filter delete mac-address Mac-authentication server Syntax Mac-authentication server local remote Mac-authentication session-timeout Syntax Mac-authentication session-timeout seconds Show authentication Filtering Commands Syntax Filter local-bridge no filter local-bridge DefaultFilter local-bridge Filtering Commands Syntax Filter ap-manage no filter ap-manage DefaultFilter ap-manage Filter ethernet-type enable Filter ethernet-type protocol Interface Commands Show filters Interface Commands IC-W Transmit-power Syntax Interface ethernet wireless a g InterfaceDns server Ip address This example specifies two domain-name servers IP address Netmask Syntax Ip dhcp no ip dhcp Default Setting Ip dhcp Syntax Shutdown no shutdown Default Setting ShutdownShow interface ethernet Syntax Show interface ethernet Radio-mode Syntax Radio-mode b g b+g Select-antenna-mode Syntax Select-antenna-mode diversity right antenna Syntax Ssid-broadcast no ssid-broadcast Default Setting DescriptionSsid-broadcast Syntax Description string no description Speed Syntax Speed speed Channel Syntax Channel channel auto Turbo Ssid Beacon-intervalSyntax Beacon-interval interval Dtim-period Syntax Dtim-period interval Default Setting 2346 Command Mode Fragmentation-lengthSyntax Fragmentation-length length Rts-threshold Syntax Rts-threshold threshold Syntax Authentication open shared Encryption Key Key index size type value no key index Transmit-key Syntax Transmit-key index Transmit-power Transmit-powersignal-strength Max-association Syntax Max-association count Multicast-cipher Syntax Multicast-cipher AES Tkip WEP Wpa-clients Syntax Wpa-clients required supported Enhanced Data Encryption through Tkip Wpa-mode Syntax Wpa-mode dynamic pre-shared-key Wpa-preshared-key Syntax Wpa-preshared-key type value Wpa-psk-type Syntax Wpa-psk-type type Show interface wireless Syntax Show interface wireless a g Ssid SMC Show station Iapp Commands Syntax Iapp no iapp DefaultIapp Vlan Commands Vlan Commands Syntax Vlan enable no vlan Default Command DescriptionVlan Native-vlanid Syntax Native-vlanid vlan-id 102 Appendix a Troubleshooting Troubleshooting Troubleshooting Maximum Distance Table Important Notice Appendix B Cables and Pinouts Twisted-Pair Cable Assignments Cables and Pinouts 10/100BASE-TX Pin Assignments Straight-Through Wiring Crossover WiringTwisted-Pair Cable Assignments Wiring Map for Serial Cable Console Port Pin Assignments Serial Cable Signal Directions for DB-9 Ports Serial Cable Signal Directions for DB-25 PortsConsole Port Pin Assignments Cables and Pinouts General Specifications Specifications General Specifications Sensitivity Ieee 802.11a Sensitivity GHz dBm Modulation/Rates Transmit Power Specifications Access Point AuthenticationAd Hoc Advanced Encryption Standard AES Glossary Extended Service Set ESS Extensible Authentication Protocol EAPEthernet File Transfer Protocol FTP Inter Access Point Protocol Iapp Ieee 802.11bIeee 802.11g Ieee Power over Ethernet PoE Network Time Protocol NTPOpen System Orthogonal Frequency Division Multiplexing Odfm Service Set Identifier Ssid Session KeyShared Key Simple Network Management Protocol Snmp Wi-Fi Protected Access Trivial File Transfer Protocol TftpVirtual LAN Vlan WPA Pre-shared Key PSK Glossary-8 Index Index Index-3 Index-4 Page For Technical SUPPORT, Call