Manuals / Symbol Technologies / Computer Equipment / Switch

Symbol Technologies WS 2000 manual Configuring WPA-TKIP

Models: WS 2000

1 150

Download 150 pages 4.54 Kb

Page 34

Configuring WPA-TKIP

Step 6: Configure WLAN Security

4.When finished, click the OK button to close this screen.

5.Specify a Pass Key and click the Generate button. The pass key can be any alphanumeric string. The switch, other proprietary routers, and Symbol cards in mobile units (MUs) use an algorithm to convert an ASCII string to the same hexadecimal number, but this conversion is not required for a wireless connection.

6.Use the Key #1-4fields to specify key numbers that use 26 hexadecimal characters. Select one of these keys for active use by selecting its radio button.

7.Click the Apply button on the WLAN Security screen to save changes.

Configuring WPA-TKIP

EncryptionWi-Fi Protected Access (WPA) is specified in the IEEE Wireless Fidelity (Wi- Fi) standard, 802.11i. This security standard provides more sophisticated data encryption than WEP. WPA is designed for corporate networks and small-business environments where more wireless traffic allows quicker discovery of encryption keys by an unauthorized person.

WPA’s encryption method is Temporal Key Integrity Protocol (TKIP). TKIP addresses WEP weaknesses with a re-keying mechanism, a per-packet mixing function, a message integrity check, and an extended initialization vector. WPA also provides strong user authentication that is based on 802.1x EAP.

1.Select the WPA-TKIPradio button to enable Wi-Fi Protected Access (WPA) with Temporal Key Integrity Protocol (TKIP).

2.To use WPA-TKIP encryption with 802.1x EAP authentication or the No Authentication selection, click the WPA-TKIP Settings button to display a sub- screen for key and key rotation settings.

Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved	34
WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004

Image 34

Symbol Technologies WS 2000 manual Configuring WPA-TKIP

Contents

72E-67701-01 Rev A March System ReferenceWS 2000 Wireless Switch Copyright PatentsChapter Table of ContentsFeatures OverviewRetail Use Cases Advanced ConfigurationSystem Administration ChapterIndex Appendix A. Sample Configuration FileA Field Office Example ChapterAbout this Document WS 2000 Wireless Switch System Reference GuideChapter 1. Overview Document ConventionsSystem Overview Management of Access PortsWireless LAN WLAN Security Firewall SecurityPhysical Specifications Technical SpecificationsHardware Overview Power Specifications Operating System OS ServicesCell Controller Services Environmental SpecificationsGateway Services 802.11a Support Chapter 2. Features802.11b Support Access Ports Access Policies Gateway ServicesWS 2000 Wireless Switch Firewall Administration ManagementDHCP Client and Server Layer 3 RoutingSNMP Management Support OverviewWEP 64 40-bit key 802.1x with RADIUS AuthenticationWEP 128 104-bit Key 802.1x with Shared Key Authentication Kerberos AuthenticationWireless Protected Access WPA KeyGuard-MCM SupportChapter 3. Getting Started Installing the SwitchSet up Communication to the Switch Getting Started Overview4. Log in using “admin” as the username and “symbol” as the password Changing the Administrator Password 1. Select System Configuration -- WS-2000 Access from the left menuConfiguring the Switch Step 1 Configure the LAN InterfaceSecurity Network Defining the SubnetsAddress Step 2 Configure Subnets InterfacesThe DHCP Configuration Advanced DHCP Settings Step 3 Configure the WAN Interface Communicating with the Outside WorldSetting Up Point-to-Point over Ethernet PPPoE Communication Step 4 Enable Wireless LANs WLANs Wireless Summary Area Step 5 Configure WLANs Access Port AdoptionStep 6 Configure WLAN Security Setting the Authentication Method 802.1x EAP AuthenticationKerberos Authentication Setting the Encryption MethodConfiguring WEP Encryption Configuring WPA-TKIP 6. Select either the ASCII Passphrase or 128-bit Key radio button KeyGuard-MCM No EncryptionStep 7 Configure Access Ports Mobile Unit Access Control List ACLRadio type-This field indicates the wireless protocol that the Access Port follows. The WS 2000 Wireless Switch supports 802.11b and 802.11 a/b dual-radio Access Ports Power Level Step 8 Configure Subnet AccessPlacement NameThe Access Overview Table The Access Exception Area1. Click in a cell of the table that represents the subnet-to-subnet or subnet-to-WAN relationship to define. All access rules if any are defined appear in the table in the lower-half of the screen 5. Click the Apply button to save changes Chapter 4. Advanced Configuration WLAN-How to Configure Advanced SettingsWLAN-Setting Default Access Port Settings 5. Check the Antenna Diversity checkbox to enable Antenna Diversity if the Access Port has an external antenna. Antenna Diversity should only be enabled if the Access Port has two matching external antennas Beacon Interval 8. Set the beacon values as indicated in the table belowDTIM Period WLAN-Advanced Access Port Settings Copyright 2004 Symbol Technologies, Inc. All Rights Reserved WLAN-Advanced Access Port SettingsWS 2000 Wireless Switch 1.0 Date of last Revision March Beacon Interval 9. Set the beacon values as indicated in the table belowDTIM Period Gateway-How to Configure Network Address Translation NAT 2. For each of the addresses, the select the NAT type Gateway-How to Configure the WS 2000 Firewall Always On Firewall FiltersSource Routing Check Configurable Firewall FiltersSYN Flood Attack Check Winnuke Attack CheckGateway-How to Configure Static Routes MIME Flood Attack CheckDefining Routes Setting the RIP ConfigurationNo RIP Security-How to Configure 802.1x EAP Authentication 3. Click the 802.1x EAP Configuration button to display a sub-screen for specific authentication settings 16. Click the Apply button to save changes Security-How to Configure Kerberos Authentication Security-How to Specify a Network Time Protocol NTP Server WS 2000 Wireless Switch LED Functions Chapter 5. System AdministrationSwitch Settings OverviewChanging the Name of the Switch 1. Select System Configuration -- System Settings from the left menuLocation field Change the Location and Country Settings of the WS1. Select System Configuration -- System Settings from the left menu Updating the WS 2000 Wireless Switch’s Firmware How to Restart the WS 2000 Wireless Switch1. Select System Configuration -- System Settings from the left menu Checking for and Downloading Firmware updates Performing the Firmware UpdateSystem Configuration Exporting and Importing Wireless Switch SettingsTo Import Settings to a Local File To Import or Export Settings to an FTP SiteTo Export Settings to a Local File How to Restore Default Configuration Settings 2. Select System Configuration -- System Settings from the left menu3. Set the properties for the port as indicated below Setting the SNMP Version Configuration Remote AdministrationHow to Configure SNMP Traps Setting Up SNMP v1/v2c Community DefinitionsSetting Up SNMP v3 Community Definitions Setting Up the Access Control List Setting the Trap Configuration3. Check the traps to enable SNMP TrapsAP Traps MU TrapsSetting the Trap Configuration for SNMP v1/v2c Configure Administrator Access Setting the Trap Configuration for SNMPConfigure Management Access Changing the Administrator and Manager Passwords Access Port StatisticsSetup AirBEAM Software Access Statistics and LogsGeneral Access Port Information Received and Transmitted Tables Associated Mobile UnitsSubnet Statistics The Information portion of the Subnet Stats screen displays general information about the subnet WAN Statistics InterfacesTransmitted Received FieldDescription DescriptionSetting Up and Viewing the System Log Viewing the Log on the SwitchSetting Up a Log Server Chapter 6. Retail Use Cases BackgroundThe Plan Configuring the System Settings Contacting the Wireless SwitchEntering the Basic System Settings Setting Access Control Configuring the Subnets The IP Address PlanConfiguring POS Subnet Configuring the Printer Subnet WS 2000 Wireless Switch 1.0 Date of last Revision March Copyright 2004 Symbol Technologies, Inc. All Rights ReservedRetail Use Cases Configuring the Cafe Subnet Clarisa clicks Advanced DHCP Server and enters the DNS server IP addresses. The Default Gateway is fine. However, Clarisa expects the cafe patrons to come and go frequently, so she reduces the IP address lease time to 1800 seconds. This means that a DHCP client mobile unit will give up its IP address if it is inactive on the network for more than half an hour. This seems about right for the usage patterns that she expects for the cafe. If she gets complaints, she will bump it to an hour Configuring the WAN Interface Configuring Network Address Translation NAT After she makes this selection a new button appears, labeled 1 to Many Mappings. She selects the 1 to Many Mappings button Setting Access Port Defaults Configuring the Access PortsInspecting the Firewall Naming the POS Access Port Configuring the Printer Access Port Configuring the Cafe Access Port Associating the Access Ports to the WLANs Configuring the WLANs Configuring the Cafe WLANConfiguring the Printer WLAN Configuring the POS WLAN Setting Subnet Access For the POS subnet and the Printer subnet, she selects Allow all protocols when going to the WAN, the POS subnet, and the Printer subnet Testing Connections Configuring the ClientsChapter 7. A Field Office Example BackgroundEach WS 2000 WLAN has exactly one security policy, where a security policy is defined as a user authentication method and a data encryption method. Because each WLAN can have one and only one security policy, WLAN configuration is usually defined by the security needs of the installation. If two groups of users require different security policies, then they must associate to the WS 2000 through different WLANs. See the Retail Use Case for an example of an installation where different security needs drive the need for separate WLANs The PlanContacting the Wireless Switch Configuring the System SettingsTo begin configuration of the switch, Leo sets up a communication link to the switch. Leo starts with a direct network link between his laptop and the switch, plugging the cable into one of the local, non-WAN, ports. The switch defaults to having all the LAN ports on the first subnet and that subnet having an IP address of 192.168.0.1. So, as far as this connection is concerned, the switch comes up with an initial IP address of 192.168.0.1. He sets his laptop to have an IP address of 192.168.0.2 and a netmask of 255.255.255.0. He also sets the gateway IP address to be 192.168.0.1, the WS 2000’s IP address Entering the Basic System Settings Leo launches his web browser and enters “http//192.168.0.1/” as the URL. He logs in using “admin” for the username and “symbol” as the passwordSetting Access Control Leo then changes the switch passwords from the default to something relatively secure, something with letters, numbers, and punctuation marks in it Configuring the LAN Configuring the Engineering LANHe also selects the option This interface is a DHCP server. Choosing this DHCP option means that the switch will pick IP addresses from the Address Assignment Range and assign them to network clients on this subnet, as needed WS 2000 Wireless Switch 1.0 Date of last Revision March Copyright 2004 Symbol Technologies, Inc. All Rights ReservedA Field Office Example Configuring the Sales Subnet Configuring the WAN The next step is to set up the network address translations NAT Setting Up Network Address Translation The next step is to configure the firewall Confirm Firewall Configuration Adopting Access PortsLeo clicks the Apply button to save his changes Configuring the WLANs Security Leo clicks the OK button to save the 802.1x EAP settings Configuring the Access Ports Leo clicks the OK button to save his WPA-TKIP settings, then the Apply button to confirm the WLAN configurationHe does not change the Antenna Diversity setting, Short Preamble setting, the RTS Threshold, or the Beacon Settings. These parameters control some of the broadcast mechanics of an 802.11 communication between mobile units and Access Ports. In most cases, there is no reason to change them. He clicks Apply to save his choices He clicks the Apply button to save his changes Leo clicks Apply to save his changes Leo clicks the Apply button to save the changes for the administration Access Port Configuring Subnet Access Installing the Access Ports and Testing Config menu Appendix A. Sample Configuration FileWS2000 Configuration Command Script System Firmware Version WS2000 menuSNMP v1/v2c trap configuration delete v1v2c all SNMP ACL configuration delete acl allSNMP v1/v2c configuration delete v1v2c all SNMP v3 trap configuration delete v3 allWLAN 1 configuration set mode 1 enable WLAN 2 configurationWLAN 3 configuration set mode 3 disable Default 802.11 A radio configuration set reg A in/out 149 LAN configuration network Default 802.11 B radio configuration set reg B in/out 1Access Port configuration Port To Subnet Map configuration set port 1 s1WAN configuration LAN DHCP configuration networkenc-passwd 8e57 Firewall configuration set syn enable NAT configurationSubnet map configuration network Outbound 1-To-Many NAT configuration set outb map s1Inbound NAT configuration Router configuration networkCopyright 2004 Symbol Technologies, Inc. All Rights Reserved Sample Configuration FileWS 2000 Wireless Switch 1.0 Date of last Revision March Index example use casespower specifications operating system servicesphysical specifications See NATRouting information Protocol configuring printer Copyright 2004 Symbol Technologies, Inc. All Rights ReservedWS 2000 Wireless Switch 1.0 Date of last Revision March configuring security