Manuals / USRobotics / Computer Equipment / Network Card

USRobotics Instant802 APSDK manual Key Management, Encryption Algorithm, User Authentication

Models: Instant802 APSDK

1 328

Download 328 pages 174 b

Page 103

Professional Access Point

Administrator Guide

SEE ALSO

For information on how to configure this mode, see “None” on page 108 under “Configuring Security Settings”.

When to Use Static WEP

Static Wired Equivalent Privacy (WEP) is a data encryption protocol for 802.11 wireless networks. All wireless stations and access points on the network are configured with a static 64-bit (40-bit secret key + 24-bit initialization vector (IV)) or 128-bit (104-bit secret key + 24-bit IV) Shared Key for data encryption.

Key Management

Static WEP uses a fixed key that is provided by the administrator. WEP keys are indexed in different slots (up to four on the Professional Access Point).

The client devices must have the same key indexed in the same slot to access data on the access point.

Encryption Algorithm

An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking (CRC) of each 802.11 frame.

User Authentication

If you set the Authentication Algorithm to Shared Key, this protocol provides a rudimentary form of user authenti- cation.

However, if the Authentication Algo- rithm is set to Open System, no authentication is performed.

If the algorithm is set to Both, only WEP clients are authenticated.

RECOMMENDATIONS

Static WEP was designed to provide security equivalent of sending unencrypted data through an Ethernet connection, however it has major flaws and it does not provide even this intended level of security.

Therefore, Static WEP is not recommended as a secure mode. The only time to use Static WEP is when interoperability issues make it the only option available to you and you are not concerned with the potential of exposing the data on your network.

SEE ALSO

For information on how to configure Static WEP security mode, see “Static WEP” on page 108 under “Configuring Security Settings”.

When to Use IEEE 802.1x

IEEE 802.1x is the standard for passing the Extensible Authentication Protocol (EAP) over an 802.11 wireless network using a protocol called EAP Encapsulation Over LANs (EAPOL). This is a newer, more secure standard than Static WEP.

Security - 103

Image 103

USRobotics Instant802 APSDK manual Key Management, Encryption Algorithm, User Authentication

Contents

R46.1224.00 rev 2.0 07/06 Professional Access Point Administrator GuidePage USA Professional Access Point Administrator GuideProfessional Access Point Administrator Guide Contents Support Information Class Structure, Commands, and ExamplesAdvanced Class and Field ReferenceRobotics Corporation Two 2 Year Limited Warranty Viii Online Help Features Administrator AudienceTypographical Conventions Recommended Settings, Notes and CautionsGetting Started Security Features Features and BenefitsIeee Standards Support and Wi-Fi Compliance Wireless FeaturesClustering and Auto-Management Guest InterfaceNetworking Snmp Support What’s Next?Maintainability Professional Access Point Option Default Settings Related Information Default Settings for the Professional Access PointAuthentication Type Ieee 802.11 ModeTransmit Power Security Mode NoneWhat the Access Point Does Not Provide Administrator’s ComputerRequired Software or Component Description Required Component Description Wireless Client ComputersDynamic IP Addressing How Does the Access Point Obtain an IP Address at Startup?Required Component Static IP Addressing Recovering an IP AddressProfessional Access Point Administrator Guide Access Point Hardware and Ports Unpack the access pointWhat’s inside the Access Point? Connect the access point to network and power UK Users Hardware Connections for a Guest Vlan Professional Access Point Administrator Guide Professional Access Point Administrator Guide Professional Access Point Administrator Guide Username Viewing Basic Settings for Access PointsField Default Setting Log on to the Web User InterfaceConfigure Basic Settings and start the wireless network Default Configuration Make Sure the Access Point is Connected to the LAN Wall Mounting the Access PointTest LAN Connectivity with Wireless Clients Web User Interface Navigating to Basic Settings Firmware Version Review / Describe the Access PointField Description MAC AddressWireless Network Name Ssid Provide Administrator Password and Wireless Network NameAdministrator Password Administrator Password againNew Access Points Set Configuration Policy for New Access PointsField Summary of Settings Update Basic SettingsYour Network at a Glance Understanding Indicator Icons Basic Settings for a Standalone Access PointIcon Description Professional Access Point Administrator Guide Cluster Access PointsUnderstanding Clustering Navigating to Access Points ManagementHow Many APs Can a Cluster Support? What is a Cluster?What Kinds of APs Can Cluster? Settings Not Shared by the Cluster Standalone Mode Cluster ModeCluster Formation Intra-Cluster Security Understanding Access Point SettingsAuto-Synchronization of Cluster Configuration Cluster Size and MembershipModifying the Location Description Removing an Access Point from the ClusterHttp//IPAddressOfAccessPoint Adding an Access Point to a ClusterProfessional Access Point Administrator Guide Professional Access Point Administrator Guide User Management Viewing User Accounts Navigating to User Management for Clustered Access PointsAdding a User Real Name Editing a User AccountEnabling and Disabling User Accounts Enabling a User AccountDisabling a User Account Restoring a User Database from a Backup FileRemoving a User Account Backing Up and Restoring a User DatabaseProfessional Access Point Administrator Guide Professional Access Point Administrator Guide Navigating to Session Monitoring SessionsUser AP Location User MAC Idle Rate Understanding Session Monitoring InformationRefreshing Session Information Viewing Session Information for Access PointsSignal Utilization Rx Total Tx Total Error Rate Sorting Session InformationProfessional Access Point Administrator Guide Channel Management Overlapping Channels Background Information Navigating to Channel ManagementUnderstanding Channel Management How it Works OverviewExample a Network before and after Channel Management Configuring and Viewing Channel Management SettingsStopping/Starting Automatic Channel Assignment IP Address Current Proposed Viewing Current Channel Assignments and Setting LocksViewing Last Proposed Set of Changes IP Address Band Current LockedDetermine if there is better set of channels every Use these channels when applying channel assignmentsAdvanced Change channels if interference is reduced by at leastApply channel modifications even when the network is busy Professional Access Point Administrator Guide Wireless Neighborhood Understanding Wireless Neighbourhood Information Navigating to Wireless NeighborhoodDisplay neighboring APs Viewing Wireless NeighborhoodCluster Neighbors Details for a Cluster Member AP Viewing Details for a Cluster MemberChannel SignalBeacon Age Interfaces StatusWireless Settings Ethernet Wired SettingsLog Relay Host for Kernel Messages EventsTmp/APsyslog Setting Up the Log Relay HostUnderstanding Remote Logging SYSLOGD=-rRelay Host Log Relay Host EnabledEnabled Etc/init.d/sysklogd restartEvents Log Transmit/Receive StatisticsTotal Packets ErrorsClient Associations Name SsidLink Integrity Monitoring What is the Difference Between an Association and a Session?Select AP Detection Enabled Neighboring Access PointsType Beacon IntPrivacy Last Beacon # of BeaconsRates Professional Access Point Administrator Guide Advanced Ethernet Wired SettingsNavigating to Ethernet Wired Settings Enabling and Disabling Guest Access Setting the DNS NameManaging Guest Access Configuring an Internal LAN and a Guest NetworkFor Guest access, use Guest AccessSpecifying a Virtual Guest Network Virtual Wireless Networks Configuring Internal Interface Ethernet SettingsStatic IP Address Default GatewayDNS Nameservers Updating Settings Configuring Guest Interface Ethernet Wired SettingsSubnet Professional Access Point Administrator Guide Navigating to Wireless Settings Wireless Settings802.11d Regulatory Domain Support Configuring 802.11d Regulatory Domain SupportConfiguring Internal LAN Wireless Settings Configuring the Radio InterfaceMode Channel Read-only field Configuring Guest Network Wireless SettingsHow Do I Know Which Security Mode to Use? Understanding Security Issues on Wireless NetworksSecurity When to Use No Security Key Management User AuthenticationEncryption Algorithm Encryption Algorithms When to Use WPA/WPA2 Enterprise Radius How Does Station Isolation Protect the Network? Does Prohibiting the Broadcast of Ssid Enhance Security?Configuring Security Settings Navigating to Security SettingsBroadcast SSID, Station Isolation, and Security Mode Static WEP NoneProfessional Access Point Administrator Guide Key Type Transfer Key IndexKey Length BitsOpen System Shared Key Both Authentication AlgorithmExample of Using Static WEP Static WEP with Transfer KEY Indexes on Client Devices Ieee Radius IP Authentication ServerEnable Radius Accounting WPA/WPA2 Personal PSKCipher Suites WPA VersionsKey WPA/WPA2 Enterprise RadiusImproving the security of the network Enable pre-authenticationEnter the Radius IP Professional Access Point Administrator Guide Configuring Guest Access Using Virtual LANs Guest LoginConfiguring a Guest Network on a Virtual LAN DSL/T1 Using the Guest Network Configuring the Welcome Screen Captive PortalConfiguring a Guest Network on a Dedicated Access Point Configuring Guest Access without Virtual LANsNavigating to Virtual Wireless Network Settings Virtual Wireless NetworksTwo Configuring VLANsVirtual Wireless Network OneTon Professional Access Point Administrator Guide Radio Understanding Radio SettingsConfiguring Radio Settings Navigating to Radio SettingsStatus On/Off Ieee 802.11b ModeSuper G Maximum Stations Broadcast a subset of its supported rate sets Rate SetsProfessional Access Point Administrator Guide MAC Filtering Navigating to MAC Filtering SettingsFilter Using MAC FilteringStations List Professional Access Point Administrator Guide Understanding Load Balancing Load BalancingSpecifying Limits for Utilization and Client Associations Configuring Load Balancing Navigating to Load Balancing SettingsLoad Balancing and QoS Tion Utilization for No New AssociationsUtilization for Disassociation Stations Threshold for DisassociaTo apply your changes, click Update Settings 802.11e and WMM Standards Support Quality of ServiceUnderstanding QoS QoS and Load BalancingQoS Queues and Parameters to Coordinate Traffic Flow Professional Access Point Administrator Guide Random Backoff and Minimum / Maximum Contention Windows Configuring QoS Queues Navigating to QoS SettingsConfiguring AP Edca Parameters Enabling/Disabling Wi-Fi Multimedia Data 0 Voice Configuring Station Edca ParametersTransmission Opportunity Limit Txop LimitProfessional Access Point Administrator Guide Understanding the Wireless Distribution System Wireless Distribution SystemUsing WDS to Bridge Distant Wired LANs LAN Segment Backup Links and Unwanted Loops in WDS BridgesSecurity Considerations Related to WDS Bridges Navigating to WDS SettingsConfiguring WDS Settings Internal Network Local AddressRemote Address Bridge withDisabled Example of Configuring a WDS LinkWEP Key Local Address Professional Access Point Administrator Guide Time Protocol Navigating to Time Protocol SettingsEnabling and Disabling a Network Time Protocol NTP Server NTP Server Professional Access Point Administrator Guide Understanding Snmp SnmpNavigating to Simple Network Management Protocol Read-write community name for per Enable SnmpRead-only Community Name entire Allow Snmp SET RequestsRebooting and Upgrading Your Access Point Using Snmp Configuring Your Network Management SystemSource hostname or subnet Ftp//192.168.1.100/54531.1.24.tar Rebooting Your Access Point Using SnmpUpgrading your Access Point Ftp//testuser1testuser1@192.168.1.9922/54531.1.23.tarProfessional Access Point Administrator Guide Reset Configuration RebootUpgrade Professional Access Point Administrator Guide Navigating to Backup and Restore Settings Backup/RestoreRestoring Access Point Settings to a Previous Configuration Backing up Configuration Setting for an Access PointProfessional Access Point Administrator Guide Command Line Interface Professional Access Point Administrator Guide Basic Settings Yes Described in Backup/Restore on USR5453-AP login admin Password Enter help for help How to Access the CLI for an Access PointTelnet Connection to the Access Point USR5453-AP login PasswordStatus Down SSH2 Connection to the Access PointTelnet Function Telnet Command StatusUSR5453-AP# Login asSet ssh Status Quick View of Commands and How to Get HelpCommands and Syntax SSH Function SSH CommandGet bss wlan0bssInternal CommandGet log Get log-entryAdd radius-user wally Command DescriptionRemove radius-user wally Getting Help on Commands at the CLIReady to Get Started? Command Usage and Configuration ExamplesProfessional Access Point Administrator Guide Vlan1234 Understanding Interfaces as Presented in the CLIInterface Description Wlan0vwn1Get interface vlanVLANID role Saving Configuration ChangesGet interface vlan1234 role Basic Setting Example Get Both the IP Address and MAC Address Get the MAC Address for an Access PointWlan0wds1 Wds Down Wlan0wds2 Wlan0wds3 USR5453-AP# Get the Current Password Get the Firmware Version for the Access PointGet the Location of the Access Point Set the Location for an Access PointUser Accounts Access Point and Cluster SettingsCluster Command Example Get MAC Addresses for all Access Points in the ClusterGet All User Accounts User Account Command ExampleUSR5453-AP#get radius-user all name name USR5453-AP#add radius-user samantha username samantha USR5453-AP#set radius-user samantha password westportUSR5453-AP#set radius-user samantha disabled Add UsersLarry samantha endora darren Status Command ExampleRemove a User Account USR5453-AP#remove radius-user wallyUSR5453-AP#get interface br0 Get Current Wireless Radio Settings Get Current Settings for the Ethernet Wired Guest InterfacePriority Daemon USR5453-AP# get radio wlan0 detailGet Status on Events USR5453-AP# get log-entryUSR5453-AP#set log relay-enabled USR5453-AP# get log USR5453-AP#set log relay-hostUSR5453-AP#set log relay-host myserver USR5453-AP#set log relay-portGet Transmit / Receive Statistics Get neighbouring Access PointsGet Client Associations USR5453-AP# get detected-ap USR5453-AP#get detected-apWired Interface Command Example Ethernet Wired InterfaceGet Summary View of Internal and Guest Interfaces Get Wired Internal Interface SettingsGet Wired Guest Interface Settings Set Up Guest AccessUSR5453-AP#remove bridge-port br0 interface eth0 USR5453-AP#get interface brguest status downUSR5453-AP# get bss USR5453-AP#get bridge-port br0 Name Interface USR5453-AP# get interface brguestUSR5453-AP#get interface brguest status up USR5453-AP#get bridge-port brguestUSR5453-AP#get interface br0 detail Get/Change the Connection Type Dhcp or Static IPUSR5453-AP#get dhcp-client status up USR5453-AP#set dhcp-client status upUSR5453-AP#get interface br0 static-mask Re-Configure Static IP Addressing ValuesUSR5453-AP#get interface br0 static-ip USR5453-AP#set interface br0 static-ipSecurity Wireless InterfaceUSR5453-AP#get interface wlan0 security none Security Command ExampleGet the Current Security Mode Get Detailed Description of Current Security SettingsSet the Broadcast Ssid Allow or Prohibit Enable / Disable Station IsolationUSR5453-AP#set interface wlan0 security static-wep Set Security to NoneUSR5453-AP#set interface wlan0 security none Set Security to Static WEPUSR5453-AP#set interface wlan0 wep-key-ascii yes Set bss wlan0bssInternal open-system-authentication onSet bss wlan0bssInternal shared-key-authentication off Set bss wlan0bssInternal shared-key-authentication onUSR5453-AP#get interface wlan0 detail USR5453-AP#set bss wlan0bssInternal radius-ip Set Security to IeeeUSR5453-AP#set interface wlan0 security dot1x Radius Option ExampleUSR5453-AP#get interface wlan0 security dot1x USR5453-AP#set bss wlan0bssInternal radius-key secretSet Bss USR5453-AP#set bss wlan0bssInternal radius-accounting offUSR5453-AP#set interface wlan0 security wpa-personal Set Security to WPA/WPA2 Personal PSKWPA Option Example Set bss wlan0bssInternal wpa-cipher-tkip off Cipher Suite Option ExampleSet bss wlan0bssInternal wpa-cipher-tkip on Set bss wlan0bssInternal wpa-cipher-ccmp offSet Security to WPA/WPA2 Enterprise Radius USR5453-AP#get interface wlan0 security wpa-personalUSR5453-AP#set interface wlan0 security wpa-enterprise Enable Pre-Authentication USR5453-AP#set bss wlan0bssInternal radius-key KeepSecret Cipher Suite OptionUSR5453-AP#get interface wlan0 security wpa-enterprise USR5453-AP#set bss wlan0bssInternal radius-accounting onSet Guest Welcome Page Text Enable/Configure Guest Login WelcomeView Guest Login Settings Enable/Disable the Guest WelcomeSet interface wlan0vwn1 security wpa-enterprise Configuring Multiple BSSIDs on Virtual Wireless NetworksReview Guest Login Settings Configuring Virtual Wireless Network One on Radio OneCreating VWN Two on Radio One with WPA security Radio SettingsRadio Setting Command Example Get Ieee 802.11 Radio ModeGet All Radio Settings Get Basic Radio SettingsGet Radio Channel Get Basic Rate Set Configure Radio SettingsGet Supported Rate Set USR5453-AP#get supported-rateUSR5453-AP#get bss wlan0bssInternal dtim-period USR5453-AP#set radio wlan0 mode gUSR5453-AP#set radio wlan0 beacon-interval USR5453-AP#set bss wlan0bssInternal dtim-periodUSR5453-AP#add supported-rate wlan0 rate USR5453-AP#set radio wlan0 fragmentation-thresholdUSR5453-AP#set radio wlan0 rts-threshold USR5453-AP#add basic-rate wlan0 rateUSR5453-AP#get supported-rate wlan0 rate MAC FilteringSet bss wlan0bssGuest mac-acl-name Guest Specify an Accept or Deny ListAdd MAC Addresses of Client Stations to the Filtering List USR5453-AP#get bss wlan0bssGuest mac-acl-mode accept-list Get Current MAC Filtering SettingsUSR5453-AP#remove mac-acl Guest mac Get bss interface mac-acl-modeQoS Command Quality of ServiceLoad Balancing Enable/Disable Wi-Fi Multimedia QoS Command ExampleUnderstanding the Queues for Access Point and Station About Access Point and Station Edca ParametersData Access Point Station Set Arbirtation Interframe Spaces Aifs Get QoS Settings on the Access PointGet QoS Settings on the Client Station USR5453-AP#get wme-queueSet wme-queue wlan0 with queue QueueName to aifs AIFSValue Setting Minimum and Maximum Contention Windows cwmin, cwmaxUSR5453-AP#set wme-queue wlan0 with queue vo to aifs USR5453-AP#set wme-queue wlan0 with queue vi cwmin 7 cwmax Set the Maximum Burst Length burst on the Access PointSet tx-queue wlan0 with queue QueueName to burst burstValue USR5453-AP#set wme-queue wlan0 with queue vo to txop-limit USR5453-AP#set tx-queue wlan0 with queue data2 to burstUSR5453-AP#set interface wlan0wds0 remote-mac 00E0B8761B14 Wireless Distribution SystemConfiguring a WDS Link Getting Details on a WDS ConfigurationSet ntp server ntp.instant802.com Time ProtocolUSR5453-AP#get ntp detail Keyboard Shortcuts and Tab Completion Help Reboot the Access PointReset the Access Point to Factory Defaults USR5453-AP#factory-resetTab Completion and Help Keyboard ShortcutsAction on CLI Keyboard Shortcut USR5453-AP#get system v USR5453-AP#get system version USR5453-AP# set mac-acl CLI Class and Field OverviewHas name? \ # of instances? One Multiple Field Reference onCLI Class Relationships Association Class IndexClass Description Station AuthenticatedField Index InterfaceBridge-port Basic-ratePath-cost BssPriority Beacon-interface StatusDescription RadioIgnore-broadcast-ssid MacDtim-period Max-stationsCluster-member Open-system-authenticationChannel-planner ClusterDebug ConfigDefault No-external-updatesField Description Detected-apCapability Beacon-intervalType Last-beacon Dhcp-clientErp BeaconsDot11d Dot11Host DebugStatic-domain Dns-12Domain Static-dns-12Mask InterfaceStatic-mask Rx-errorsType Static-ipTx-packets Tx-errorsRx-compressed Rx-multicastIp-route Gateway JvmKickstartd LogTime Log-entryDepth NumberServer Mac-aclNtp MessageWelcome-screen PortalWelcome-screen-text Max-bss Mode Tx-powerMax-bss Channel-policyLoad-balance-disassociation-utilization WmewifinoacktestRts-threshold Fragmentation-thresholdRo-community Radius-userSerial SnmpRw-community SshSupported-rate SystemTelnet PasswordEncrypted-password Password-initializedCommunity Tx-queueQueue Wme-queue Web-uiPossible Solution Professional Access Point Detection Utility does not findCannot access the Web User Interface Access pointMy wireless device cannot find the wireless network Possible Solution Am experiencing poor wireless link quality Wireless Distribution System WDS Problems and SolutionsReboot or Reset Access Point Cluster RecoveryClick Stop Clustering Stop Clustering and Reset Each Access Point in the ClusterProfessional Access Point Administrator Guide Country Webmail Voice Support InformationUAE Radio and Television Interference Declaration of ConformityDetachable Antenna Information FCC Radiation Exposure StatementIndustry Canada IC For Canadian UsersUL Listing/CUL Listing Declaration of Conformity CE ComplianceEU Health Protection Regulatory Channel FrequencyEU Detachable Antenna Information Professional Access Point Administrator Guide Professional Access Point Administrator Guide Robotics Corporation Two 2 Year Limited Warranty Obtaining Warranty Service Limitations Disclaimer 802.3 802802.1x 802.2802.11f 802.11b802.11d 802.11eAES Broadcast Address BeaconBridge BroadcastCSMA/CA BssidCcmp CGIDOM DCFDhcp DNSEthernet EAPEdcf ESSHttp FrameGateway HtmlIntrusion Detection Infrastructure ModeIbss IeeeLatency IPSecISP JitterMAC LANLdap LLCOSI NATNIC NTPPID PacketPacket Loss PHYPSK PPPRTP RadiusRC4 RssiSsid SnmpSTP Tkip Supported Rate SetTCP TCP/IPVlan UDPUnicast URLWins WANWDS WEPXML WMM WPAWPA2 WrapIndex DCF Ieee Snmp WDS Index-328