Key Management, Encryption Algorithm | USRobotics Instant802 APSDK

Professional Access Point

Administrator Guide

SEE ALSO

For information on how to configure this mode, see “None” on page 108 under “Configuring Security Settings”.

When to Use Static WEP

Static Wired Equivalent Privacy (WEP) is a data encryption protocol for 802.11 wireless networks. All wireless stations and access points on the network are configured with a static 64-bit (40-bit secret key + 24-bit initialization vector (IV)) or 128-bit (104-bit secret key + 24-bit IV) Shared Key for data encryption.

Key Management

Static WEP uses a fixed key that is provided by the administrator. WEP keys are indexed in different slots (up to four on the Professional Access Point).

The client devices must have the same key indexed in the same slot to access data on the access point.

Encryption Algorithm

An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking (CRC) of each 802.11 frame.

User Authentication

If you set the Authentication Algorithm to Shared Key, this protocol provides a rudimentary form of user authenti- cation.

However, if the Authentication Algo- rithm is set to Open System, no authentication is performed.

If the algorithm is set to Both, only WEP clients are authenticated.

RECOMMENDATIONS

Static WEP was designed to provide security equivalent of sending unencrypted data through an Ethernet connection, however it has major flaws and it does not provide even this intended level of security.

Therefore, Static WEP is not recommended as a secure mode. The only time to use Static WEP is when interoperability issues make it the only option available to you and you are not concerned with the potential of exposing the data on your network.

SEE ALSO

For information on how to configure Static WEP security mode, see “Static WEP” on page 108 under “Configuring Security Settings”.

When to Use IEEE 802.1x

IEEE 802.1x is the standard for passing the Extensible Authentication Protocol (EAP) over an 802.11 wireless network using a protocol called EAP Encapsulation Over LANs (EAPOL). This is a newer, more secure standard than Static WEP.

Security - 103

Image 103

USRobotics Instant802 APSDK manual Key Management, Encryption Algorithm, User Authentication

Contents

R46.1224.00 rev 2.0 07/06 Professional Access Point Administrator GuidePage USA Professional Access Point Administrator Guide Professional Access Point Administrator Guide Contents Support Information Class Structure, Commands, and ExamplesAdvanced Class and Field Reference Robotics Corporation Two 2 Year Limited Warranty Viii Online Help Features Administrator Audience Typographical Conventions Recommended Settings, Notes and Cautions Getting Started Security Features Features and BenefitsIeee Standards Support and Wi-Fi Compliance Wireless Features Clustering and Auto-Management Guest InterfaceNetworking Snmp Support What’s Next?Maintainability Professional Access Point Option Default Settings Related Information Default Settings for the Professional Access Point Authentication Type Ieee 802.11 ModeTransmit Power Security Mode None What the Access Point Does Not Provide Administrator’s ComputerRequired Software or Component Description Required Component Description Wireless Client Computers Dynamic IP Addressing How Does the Access Point Obtain an IP Address at Startup?Required Component Static IP Addressing Recovering an IP Address Professional Access Point Administrator Guide Access Point Hardware and Ports Unpack the access pointWhat’s inside the Access Point? Connect the access point to network and power UK Users Hardware Connections for a Guest Vlan Professional Access Point Administrator Guide Professional Access Point Administrator Guide Professional Access Point Administrator Guide Username Viewing Basic Settings for Access PointsField Default Setting Log on to the Web User Interface Configure Basic Settings and start the wireless network Default Configuration Make Sure the Access Point is Connected to the LAN Wall Mounting the Access Point Test LAN Connectivity with Wireless Clients Web User Interface Navigating to Basic Settings Firmware Version Review / Describe the Access PointField Description MAC Address Wireless Network Name Ssid Provide Administrator Password and Wireless Network NameAdministrator Password Administrator Password again New Access Points Set Configuration Policy for New Access PointsField Summary of Settings Update Basic Settings Your Network at a Glance Understanding Indicator Icons Basic Settings for a Standalone Access PointIcon Description Professional Access Point Administrator Guide Cluster Access Points Understanding Clustering Navigating to Access Points Management How Many APs Can a Cluster Support? What is a Cluster?What Kinds of APs Can Cluster? Settings Not Shared by the Cluster Standalone Mode Cluster ModeCluster Formation Intra-Cluster Security Understanding Access Point SettingsAuto-Synchronization of Cluster Configuration Cluster Size and Membership Modifying the Location Description Removing an Access Point from the Cluster Http//IPAddressOfAccessPoint Adding an Access Point to a Cluster Professional Access Point Administrator Guide Professional Access Point Administrator Guide User Management Viewing User Accounts Navigating to User Management for Clustered Access PointsAdding a User Real Name Editing a User AccountEnabling and Disabling User Accounts Enabling a User Account Disabling a User Account Restoring a User Database from a Backup FileRemoving a User Account Backing Up and Restoring a User Database Professional Access Point Administrator Guide Professional Access Point Administrator Guide Navigating to Session Monitoring Sessions User AP Location User MAC Idle Rate Understanding Session Monitoring Information Refreshing Session Information Viewing Session Information for Access PointsSignal Utilization Rx Total Tx Total Error Rate Sorting Session Information Professional Access Point Administrator Guide Channel Management Overlapping Channels Background Information Navigating to Channel ManagementUnderstanding Channel Management How it Works Overview Example a Network before and after Channel Management Configuring and Viewing Channel Management Settings Stopping/Starting Automatic Channel Assignment IP Address Current Proposed Viewing Current Channel Assignments and Setting LocksViewing Last Proposed Set of Changes IP Address Band Current Locked Determine if there is better set of channels every Use these channels when applying channel assignmentsAdvanced Change channels if interference is reduced by at least Apply channel modifications even when the network is busy Professional Access Point Administrator Guide Wireless Neighborhood Understanding Wireless Neighbourhood Information Navigating to Wireless Neighborhood Display neighboring APs Viewing Wireless NeighborhoodCluster Neighbors Details for a Cluster Member AP Viewing Details for a Cluster Member Channel SignalBeacon Age Interfaces Status Wireless Settings Ethernet Wired Settings Log Relay Host for Kernel Messages Events Tmp/APsyslog Setting Up the Log Relay HostUnderstanding Remote Logging SYSLOGD=-r Relay Host Log Relay Host EnabledEnabled Etc/init.d/sysklogd restart Events Log Transmit/Receive Statistics Total Packets ErrorsClient Associations Name Ssid Link Integrity Monitoring What is the Difference Between an Association and a Session? Select AP Detection Enabled Neighboring Access Points Type Beacon IntPrivacy Last Beacon # of BeaconsRates Professional Access Point Administrator Guide Advanced Ethernet Wired Settings Navigating to Ethernet Wired Settings Enabling and Disabling Guest Access Setting the DNS NameManaging Guest Access Configuring an Internal LAN and a Guest Network For Guest access, use Guest AccessSpecifying a Virtual Guest Network Virtual Wireless Networks Configuring Internal Interface Ethernet Settings Static IP Address Default GatewayDNS Nameservers Updating Settings Configuring Guest Interface Ethernet Wired SettingsSubnet Professional Access Point Administrator Guide Navigating to Wireless Settings Wireless Settings 802.11d Regulatory Domain Support Configuring 802.11d Regulatory Domain Support Configuring Internal LAN Wireless Settings Configuring the Radio InterfaceMode Channel Read-only field Configuring Guest Network Wireless Settings How Do I Know Which Security Mode to Use? Understanding Security Issues on Wireless NetworksSecurity When to Use No Security Key Management User AuthenticationEncryption Algorithm Encryption Algorithms When to Use WPA/WPA2 Enterprise Radius How Does Station Isolation Protect the Network? Does Prohibiting the Broadcast of Ssid Enhance Security? Configuring Security Settings Navigating to Security SettingsBroadcast SSID, Station Isolation, and Security Mode Static WEP None Professional Access Point Administrator Guide Key Type Transfer Key IndexKey Length Bits Open System Shared Key Both Authentication Algorithm Example of Using Static WEP Static WEP with Transfer KEY Indexes on Client Devices Ieee Radius IP Authentication ServerEnable Radius Accounting WPA/WPA2 Personal PSK Cipher Suites WPA Versions Key WPA/WPA2 Enterprise Radius Improving the security of the network Enable pre-authentication Enter the Radius IP Professional Access Point Administrator Guide Configuring Guest Access Using Virtual LANs Guest LoginConfiguring a Guest Network on a Virtual LAN DSL/T1 Using the Guest Network Configuring the Welcome Screen Captive Portal Configuring a Guest Network on a Dedicated Access Point Configuring Guest Access without Virtual LANs Navigating to Virtual Wireless Network Settings Virtual Wireless Networks Two Configuring VLANsVirtual Wireless Network One Ton Professional Access Point Administrator Guide Radio Understanding Radio Settings Configuring Radio Settings Navigating to Radio SettingsStatus On/Off Ieee 802.11b ModeSuper G Maximum Stations Broadcast a subset of its supported rate sets Rate Sets Professional Access Point Administrator Guide MAC Filtering Navigating to MAC Filtering Settings Filter Using MAC Filtering Stations List Professional Access Point Administrator Guide Understanding Load Balancing Load BalancingSpecifying Limits for Utilization and Client Associations Configuring Load Balancing Navigating to Load Balancing SettingsLoad Balancing and QoS Tion Utilization for No New AssociationsUtilization for Disassociation Stations Threshold for Disassocia To apply your changes, click Update Settings 802.11e and WMM Standards Support Quality of ServiceUnderstanding QoS QoS and Load Balancing QoS Queues and Parameters to Coordinate Traffic Flow Professional Access Point Administrator Guide Random Backoff and Minimum / Maximum Contention Windows Configuring QoS Queues Navigating to QoS Settings Configuring AP Edca Parameters Enabling/Disabling Wi-Fi Multimedia Data 0 Voice Configuring Station Edca Parameters Transmission Opportunity Limit Txop Limit Professional Access Point Administrator Guide Understanding the Wireless Distribution System Wireless Distribution SystemUsing WDS to Bridge Distant Wired LANs LAN Segment Backup Links and Unwanted Loops in WDS Bridges Security Considerations Related to WDS Bridges Navigating to WDS Settings Configuring WDS Settings Internal Network Local AddressRemote Address Bridge with Disabled Example of Configuring a WDS LinkWEP Key Local Address Professional Access Point Administrator Guide Time Protocol Navigating to Time Protocol Settings Enabling and Disabling a Network Time Protocol NTP Server NTP Server Professional Access Point Administrator Guide Understanding Snmp Snmp Navigating to Simple Network Management Protocol Read-write community name for per Enable SnmpRead-only Community Name entire Allow Snmp SET Requests Rebooting and Upgrading Your Access Point Using Snmp Configuring Your Network Management SystemSource hostname or subnet Ftp//192.168.1.100/54531.1.24.tar Rebooting Your Access Point Using SnmpUpgrading your Access Point Ftp//testuser1testuser1@192.168.1.9922/54531.1.23.tar Professional Access Point Administrator Guide Reset Configuration Reboot Upgrade Professional Access Point Administrator Guide Navigating to Backup and Restore Settings Backup/Restore Restoring Access Point Settings to a Previous Configuration Backing up Configuration Setting for an Access Point Professional Access Point Administrator Guide Command Line Interface Professional Access Point Administrator Guide Basic Settings Yes Described in Backup/Restore on USR5453-AP login admin Password Enter help for help How to Access the CLI for an Access PointTelnet Connection to the Access Point USR5453-AP login Password Status Down SSH2 Connection to the Access PointTelnet Function Telnet Command Status USR5453-AP# Login as Set ssh Status Quick View of Commands and How to Get HelpCommands and Syntax SSH Function SSH Command Get bss wlan0bssInternal CommandGet log Get log-entry Add radius-user wally Command Description Remove radius-user wally Getting Help on Commands at the CLI Ready to Get Started? Command Usage and Configuration Examples Professional Access Point Administrator Guide Vlan1234 Understanding Interfaces as Presented in the CLIInterface Description Wlan0vwn1 Get interface vlanVLANID role Saving Configuration ChangesGet interface vlan1234 role Basic Setting Example Get Both the IP Address and MAC Address Get the MAC Address for an Access Point Wlan0wds1 Wds Down Wlan0wds2 Wlan0wds3 USR5453-AP# Get the Current Password Get the Firmware Version for the Access PointGet the Location of the Access Point Set the Location for an Access Point User Accounts Access Point and Cluster SettingsCluster Command Example Get MAC Addresses for all Access Points in the Cluster Get All User Accounts User Account Command ExampleUSR5453-AP#get radius-user all name name USR5453-AP#add radius-user samantha username samantha USR5453-AP#set radius-user samantha password westportUSR5453-AP#set radius-user samantha disabled Add Users Larry samantha endora darren Status Command ExampleRemove a User Account USR5453-AP#remove radius-user wally USR5453-AP#get interface br0 Get Current Wireless Radio Settings Get Current Settings for the Ethernet Wired Guest Interface Priority Daemon USR5453-AP# get radio wlan0 detailGet Status on Events USR5453-AP# get log-entry USR5453-AP#set log relay-enabled USR5453-AP# get log USR5453-AP#set log relay-hostUSR5453-AP#set log relay-host myserver USR5453-AP#set log relay-port Get Transmit / Receive Statistics Get neighbouring Access PointsGet Client Associations USR5453-AP# get detected-ap USR5453-AP#get detected-ap Wired Interface Command Example Ethernet Wired Interface Get Summary View of Internal and Guest Interfaces Get Wired Internal Interface SettingsGet Wired Guest Interface Settings Set Up Guest Access USR5453-AP#remove bridge-port br0 interface eth0 USR5453-AP#get interface brguest status downUSR5453-AP# get bss USR5453-AP#get bridge-port br0 Name Interface USR5453-AP# get interface brguestUSR5453-AP#get interface brguest status up USR5453-AP#get bridge-port brguest USR5453-AP#get interface br0 detail Get/Change the Connection Type Dhcp or Static IPUSR5453-AP#get dhcp-client status up USR5453-AP#set dhcp-client status up USR5453-AP#get interface br0 static-mask Re-Configure Static IP Addressing ValuesUSR5453-AP#get interface br0 static-ip USR5453-AP#set interface br0 static-ip Security Wireless Interface USR5453-AP#get interface wlan0 security none Security Command ExampleGet the Current Security Mode Get Detailed Description of Current Security Settings Set the Broadcast Ssid Allow or Prohibit Enable / Disable Station Isolation USR5453-AP#set interface wlan0 security static-wep Set Security to NoneUSR5453-AP#set interface wlan0 security none Set Security to Static WEP USR5453-AP#set interface wlan0 wep-key-ascii yes Set bss wlan0bssInternal open-system-authentication onSet bss wlan0bssInternal shared-key-authentication off Set bss wlan0bssInternal shared-key-authentication on USR5453-AP#get interface wlan0 detail USR5453-AP#set bss wlan0bssInternal radius-ip Set Security to IeeeUSR5453-AP#set interface wlan0 security dot1x Radius Option Example USR5453-AP#get interface wlan0 security dot1x USR5453-AP#set bss wlan0bssInternal radius-key secretSet Bss USR5453-AP#set bss wlan0bssInternal radius-accounting off USR5453-AP#set interface wlan0 security wpa-personal Set Security to WPA/WPA2 Personal PSKWPA Option Example Set bss wlan0bssInternal wpa-cipher-tkip off Cipher Suite Option ExampleSet bss wlan0bssInternal wpa-cipher-tkip on Set bss wlan0bssInternal wpa-cipher-ccmp off Set Security to WPA/WPA2 Enterprise Radius USR5453-AP#get interface wlan0 security wpa-personal USR5453-AP#set interface wlan0 security wpa-enterprise Enable Pre-Authentication USR5453-AP#set bss wlan0bssInternal radius-key KeepSecret Cipher Suite Option USR5453-AP#get interface wlan0 security wpa-enterprise USR5453-AP#set bss wlan0bssInternal radius-accounting on Set Guest Welcome Page Text Enable/Configure Guest Login WelcomeView Guest Login Settings Enable/Disable the Guest Welcome Set interface wlan0vwn1 security wpa-enterprise Configuring Multiple BSSIDs on Virtual Wireless NetworksReview Guest Login Settings Configuring Virtual Wireless Network One on Radio One Creating VWN Two on Radio One with WPA security Radio SettingsRadio Setting Command Example Get Ieee 802.11 Radio Mode Get All Radio Settings Get Basic Radio SettingsGet Radio Channel Get Basic Rate Set Configure Radio SettingsGet Supported Rate Set USR5453-AP#get supported-rate USR5453-AP#get bss wlan0bssInternal dtim-period USR5453-AP#set radio wlan0 mode gUSR5453-AP#set radio wlan0 beacon-interval USR5453-AP#set bss wlan0bssInternal dtim-period USR5453-AP#add supported-rate wlan0 rate USR5453-AP#set radio wlan0 fragmentation-thresholdUSR5453-AP#set radio wlan0 rts-threshold USR5453-AP#add basic-rate wlan0 rate USR5453-AP#get supported-rate wlan0 rate MAC Filtering Set bss wlan0bssGuest mac-acl-name Guest Specify an Accept or Deny ListAdd MAC Addresses of Client Stations to the Filtering List USR5453-AP#get bss wlan0bssGuest mac-acl-mode accept-list Get Current MAC Filtering SettingsUSR5453-AP#remove mac-acl Guest mac Get bss interface mac-acl-mode QoS Command Quality of ServiceLoad Balancing Enable/Disable Wi-Fi Multimedia QoS Command Example Understanding the Queues for Access Point and Station About Access Point and Station Edca ParametersData Access Point Station Set Arbirtation Interframe Spaces Aifs Get QoS Settings on the Access PointGet QoS Settings on the Client Station USR5453-AP#get wme-queue Set wme-queue wlan0 with queue QueueName to aifs AIFSValue Setting Minimum and Maximum Contention Windows cwmin, cwmaxUSR5453-AP#set wme-queue wlan0 with queue vo to aifs USR5453-AP#set wme-queue wlan0 with queue vi cwmin 7 cwmax Set the Maximum Burst Length burst on the Access PointSet tx-queue wlan0 with queue QueueName to burst burstValue USR5453-AP#set wme-queue wlan0 with queue vo to txop-limit USR5453-AP#set tx-queue wlan0 with queue data2 to burst USR5453-AP#set interface wlan0wds0 remote-mac 00E0B8761B14 Wireless Distribution SystemConfiguring a WDS Link Getting Details on a WDS Configuration Set ntp server ntp.instant802.com Time ProtocolUSR5453-AP#get ntp detail Keyboard Shortcuts and Tab Completion Help Reboot the Access PointReset the Access Point to Factory Defaults USR5453-AP#factory-reset Tab Completion and Help Keyboard ShortcutsAction on CLI Keyboard Shortcut USR5453-AP#get system v USR5453-AP#get system version USR5453-AP# set mac-acl CLI Class and Field Overview Has name? \ # of instances? One Multiple Field Reference on CLI Class Relationships Association Class IndexClass Description Station AuthenticatedField Index Interface Bridge-port Basic-rate Path-cost BssPriority Beacon-interface StatusDescription Radio Ignore-broadcast-ssid MacDtim-period Max-stations Cluster-member Open-system-authenticationChannel-planner Cluster Debug ConfigDefault No-external-updates Field Description Detected-ap Capability Beacon-interval Type Last-beacon Dhcp-clientErp Beacons Dot11d Dot11Host Debug Static-domain Dns-12Domain Static-dns-12 Mask Interface Static-mask Rx-errorsType Static-ip Tx-packets Tx-errorsRx-compressed Rx-multicast Ip-route Gateway JvmKickstartd Log Time Log-entryDepth Number Server Mac-aclNtp Message Welcome-screen PortalWelcome-screen-text Max-bss Mode Tx-powerMax-bss Channel-policy Load-balance-disassociation-utilization WmewifinoacktestRts-threshold Fragmentation-threshold Ro-community Radius-userSerial Snmp Rw-community SshSupported-rate System Telnet PasswordEncrypted-password Password-initialized Community Tx-queueQueue Wme-queue Web-ui Possible Solution Professional Access Point Detection Utility does not find Cannot access the Web User Interface Access point My wireless device cannot find the wireless network Possible Solution Am experiencing poor wireless link quality Wireless Distribution System WDS Problems and Solutions Reboot or Reset Access Point Cluster Recovery Click Stop Clustering Stop Clustering and Reset Each Access Point in the Cluster Professional Access Point Administrator Guide Country Webmail Voice Support Information UAE Radio and Television Interference Declaration of ConformityDetachable Antenna Information FCC Radiation Exposure Statement Industry Canada IC For Canadian UsersUL Listing/CUL Listing Declaration of Conformity CE Compliance EU Health Protection Regulatory Channel FrequencyEU Detachable Antenna Information Professional Access Point Administrator Guide Professional Access Point Administrator Guide Robotics Corporation Two 2 Year Limited Warranty Obtaining Warranty Service Limitations Disclaimer 802.3 802802.1x 802.2 802.11f 802.11b802.11d 802.11e AES Broadcast Address BeaconBridge Broadcast CSMA/CA BssidCcmp CGI DOM DCFDhcp DNS Ethernet EAPEdcf ESS Http FrameGateway Html Intrusion Detection Infrastructure ModeIbss Ieee Latency IPSecISP Jitter MAC LANLdap LLC OSI NATNIC NTP PID PacketPacket Loss PHY PSK PPP RTP RadiusRC4 Rssi Ssid SnmpSTP Tkip Supported Rate SetTCP TCP/IP Vlan UDPUnicast URL Wins WANWDS WEP XML WMM WPAWPA2 Wrap Index DCF Ieee Snmp WDS Index-328