Manuals / USRobotics / Computer Equipment / Network Card

USRobotics Instant802 APSDK manual Encryption Algorithms

Models: Instant802 APSDK

1 328

Download 328 pages 174 b

Page 104

Professional Access Point Administrator Guide

Key Management

IEEE 802.1x provides dynamically- generated keys that are periodically refreshed.

There are different Unicast keys for each station.

Encryption Algorithm

An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking (CRC) of each 802.11 frame.

User Authentication

IEEE 802.1x mode supports a vari- ety of authentication methods, like certificates, Kerberos, and public key authentication with a RADIUS server.

You have a choice of using the Pro- fessional Access Point embedded RADIUS server or an external RADIUS server. The embedded RADIUS server supports Protected EAP (PEAP) and MSCHAP V2.

RECOMMENDATIONS

IEEE 802.1x mode is a better choice than Static WEP because keys are dynamically generated and changed periodically. However, the encryption algorithm used is the same as that of Static WEP and is therefore not as reliable as the more advanced encryption methods such as TKIP and CCMP (AES) used in Wi-Fi Protected Access (WPA) or WPA2.

Additionally, compatibility issues may be cumbersome because of the variety of authentication methods supported and the lack of a standard implementation method.

Therefore, IEEE 802.1x mode is not as secure a solution as Wi-Fi Protected Access (WPA) or WPA2.

SEE ALSO

For information on how to configure IEEE 802.1x security mode, see “IEEE 802.1x” on page 114 under “Configuring Security Settings”.

When to Use WPA/WPA2 Personal (PSK)

Wi-Fi Protected Access 2 (WPA2) Personal Pre-Shared Key (PSK) is an implementation of the Wi-Fi Alliance IEEE 802.11i standard, which includes Advanced Encryption Algorithm (AES), Counter mode/ CBC-MAC Protocol (CCMP), and Temporal Key Integrity Protocol (TKIP) mechanisms. This mode offers the same encryption algorithms as WPA 2 with RADIUS but without the ability to integrate a RADIUS server for user authentication.

This security mode is backward compatible for wireless clients that support only the original WPA.

Key Management

WPA/WPA2 Personal (PSK) pro- vides dynamically-generated keys that are periodically refreshed.

There are different Unicast keys for each station.

Encryption Algorithms

•Temporal Key Integrity Protocol (TKIP)

•Counter mode/CBC-MAC Proto- col (CCMP) Advanced Encryption Standard (AES)

User Authentication

The use of a Pre-Shared (PSK) key provides user authentication similar to that of shared keys in WEP.

Security - 104

Image 104

USRobotics Instant802 APSDK manual Encryption Algorithms

Contents

Professional Access Point Administrator Guide R46.1224.00 rev 2.0 07/06Page Professional Access Point Administrator Guide USAProfessional Access Point Administrator Guide Contents Class Structure, Commands, and Examples AdvancedClass and Field Reference Support InformationRobotics Corporation Two 2 Year Limited Warranty Viii Administrator Audience Online Help FeaturesRecommended Settings, Notes and Cautions Typographical ConventionsGetting Started Features and Benefits Ieee Standards Support and Wi-Fi ComplianceWireless Features Security FeaturesNetworking Guest InterfaceClustering and Auto-Management Maintainability What’s Next?Snmp Support Professional Access Point Default Settings for the Professional Access Point Option Default Settings Related InformationIeee 802.11 Mode Transmit PowerSecurity Mode None Authentication TypeRequired Software or Component Description Administrator’s ComputerWhat the Access Point Does Not Provide Wireless Client Computers Required Component DescriptionRequired Component How Does the Access Point Obtain an IP Address at Startup?Dynamic IP Addressing Recovering an IP Address Static IP AddressingProfessional Access Point Administrator Guide What’s inside the Access Point? Unpack the access pointAccess Point Hardware and Ports Connect the access point to network and power UK Users Hardware Connections for a Guest Vlan Professional Access Point Administrator Guide Professional Access Point Administrator Guide Professional Access Point Administrator Guide Viewing Basic Settings for Access Points Field Default SettingLog on to the Web User Interface UsernameConfigure Basic Settings and start the wireless network Default Configuration Wall Mounting the Access Point Make Sure the Access Point is Connected to the LANTest LAN Connectivity with Wireless Clients Web User Interface Navigating to Basic Settings Review / Describe the Access Point Field DescriptionMAC Address Firmware VersionProvide Administrator Password and Wireless Network Name Administrator PasswordAdministrator Password again Wireless Network Name SsidField Set Configuration Policy for New Access PointsNew Access Points Update Basic Settings Summary of SettingsIcon Description Basic Settings for a Standalone Access PointYour Network at a Glance Understanding Indicator Icons Professional Access Point Administrator Guide Access Points ClusterNavigating to Access Points Management Understanding ClusteringWhat Kinds of APs Can Cluster? What is a Cluster?How Many APs Can a Cluster Support? Settings Not Shared by the Cluster Cluster Formation Cluster ModeStandalone Mode Understanding Access Point Settings Auto-Synchronization of Cluster ConfigurationCluster Size and Membership Intra-Cluster SecurityRemoving an Access Point from the Cluster Modifying the Location DescriptionAdding an Access Point to a Cluster Http//IPAddressOfAccessPointProfessional Access Point Administrator Guide Professional Access Point Administrator Guide User Management Adding a User Navigating to User Management for Clustered Access PointsViewing User Accounts Editing a User Account Enabling and Disabling User AccountsEnabling a User Account Real NameRestoring a User Database from a Backup File Removing a User AccountBacking Up and Restoring a User Database Disabling a User AccountProfessional Access Point Administrator Guide Professional Access Point Administrator Guide Sessions Navigating to Session MonitoringUnderstanding Session Monitoring Information User AP Location User MAC Idle RateViewing Session Information for Access Points Signal Utilization Rx Total Tx Total Error RateSorting Session Information Refreshing Session InformationProfessional Access Point Administrator Guide Channel Management Navigating to Channel Management Understanding Channel ManagementHow it Works Overview Overlapping Channels Background InformationConfiguring and Viewing Channel Management Settings Example a Network before and after Channel ManagementStopping/Starting Automatic Channel Assignment Viewing Current Channel Assignments and Setting Locks Viewing Last Proposed Set of ChangesIP Address Band Current Locked IP Address Current ProposedUse these channels when applying channel assignments AdvancedChange channels if interference is reduced by at least Determine if there is better set of channels everyApply channel modifications even when the network is busy Professional Access Point Administrator Guide Wireless Neighborhood Navigating to Wireless Neighborhood Understanding Wireless Neighbourhood InformationCluster Viewing Wireless NeighborhoodDisplay neighboring APs Neighbors Viewing Details for a Cluster Member Details for a Cluster Member APBeacon Age SignalChannel Status InterfacesEthernet Wired Settings Wireless SettingsEvents Log Relay Host for Kernel MessagesSetting Up the Log Relay Host Understanding Remote LoggingSYSLOGD=-r Tmp/APsyslogLog Relay Host Enabled EnabledEtc/init.d/sysklogd restart Relay HostTransmit/Receive Statistics Events LogErrors Client AssociationsName Ssid Total PacketsWhat is the Difference Between an Association and a Session? Link Integrity MonitoringNeighboring Access Points Select AP Detection EnabledPrivacy Beacon IntType Rates # of BeaconsLast Beacon Professional Access Point Administrator Guide Ethernet Wired Settings AdvancedNavigating to Ethernet Wired Settings Setting the DNS Name Managing Guest AccessConfiguring an Internal LAN and a Guest Network Enabling and Disabling Guest AccessSpecifying a Virtual Guest Network Guest AccessFor Guest access, use Configuring Internal Interface Ethernet Settings Virtual Wireless NetworksDNS Nameservers Default GatewayStatic IP Address Subnet Configuring Guest Interface Ethernet Wired SettingsUpdating Settings Professional Access Point Administrator Guide Wireless Settings Navigating to Wireless SettingsConfiguring 802.11d Regulatory Domain Support 802.11d Regulatory Domain SupportMode Channel Configuring the Radio InterfaceConfiguring Internal LAN Wireless Settings Configuring Guest Network Wireless Settings Read-only fieldSecurity Understanding Security Issues on Wireless NetworksHow Do I Know Which Security Mode to Use? When to Use No Security Encryption Algorithm User AuthenticationKey Management Encryption Algorithms When to Use WPA/WPA2 Enterprise Radius Does Prohibiting the Broadcast of Ssid Enhance Security? How Does Station Isolation Protect the Network?Broadcast SSID, Station Isolation, and Security Mode Navigating to Security SettingsConfiguring Security Settings None Static WEPProfessional Access Point Administrator Guide Transfer Key Index Key LengthBits Key TypeAuthentication Algorithm Open System Shared Key BothExample of Using Static WEP Static WEP with Transfer KEY Indexes on Client Devices Ieee Authentication Server Enable Radius AccountingWPA/WPA2 Personal PSK Radius IPWPA Versions Cipher SuitesWPA/WPA2 Enterprise Radius KeyEnable pre-authentication Improving the security of the networkEnter the Radius IP Professional Access Point Administrator Guide Configuring a Guest Network on a Virtual LAN Guest LoginConfiguring Guest Access Using Virtual LANs DSL/T1 Configuring the Welcome Screen Captive Portal Using the Guest NetworkConfiguring Guest Access without Virtual LANs Configuring a Guest Network on a Dedicated Access PointVirtual Wireless Networks Navigating to Virtual Wireless Network SettingsConfiguring VLANs Virtual Wireless NetworkOne TwoTon Professional Access Point Administrator Guide Understanding Radio Settings RadioStatus On/Off Navigating to Radio SettingsConfiguring Radio Settings Super G ModeIeee 802.11b Maximum Stations Rate Sets Broadcast a subset of its supported rate setsProfessional Access Point Administrator Guide Navigating to MAC Filtering Settings MAC FilteringUsing MAC Filtering FilterStations List Professional Access Point Administrator Guide Specifying Limits for Utilization and Client Associations Load BalancingUnderstanding Load Balancing Load Balancing and QoS Navigating to Load Balancing SettingsConfiguring Load Balancing Utilization for No New Associations Utilization for DisassociationStations Threshold for Disassocia TionTo apply your changes, click Update Settings Quality of Service Understanding QoSQoS and Load Balancing 802.11e and WMM Standards SupportQoS Queues and Parameters to Coordinate Traffic Flow Professional Access Point Administrator Guide Random Backoff and Minimum / Maximum Contention Windows Navigating to QoS Settings Configuring QoS QueuesConfiguring AP Edca Parameters Enabling/Disabling Wi-Fi Multimedia Configuring Station Edca Parameters Data 0 VoiceTxop Limit Transmission Opportunity LimitProfessional Access Point Administrator Guide Using WDS to Bridge Distant Wired LANs Wireless Distribution SystemUnderstanding the Wireless Distribution System Backup Links and Unwanted Loops in WDS Bridges LAN SegmentNavigating to WDS Settings Security Considerations Related to WDS BridgesConfiguring WDS Settings Local Address Remote AddressBridge with Internal NetworkWEP Key Example of Configuring a WDS LinkDisabled Local Address Professional Access Point Administrator Guide Navigating to Time Protocol Settings Time ProtocolEnabling and Disabling a Network Time Protocol NTP Server NTP Server Professional Access Point Administrator Guide Snmp Understanding SnmpNavigating to Simple Network Management Protocol Enable Snmp Read-only Community Name entireAllow Snmp SET Requests Read-write community name for perSource hostname or subnet Configuring Your Network Management SystemRebooting and Upgrading Your Access Point Using Snmp Rebooting Your Access Point Using Snmp Upgrading your Access PointFtp//testuser1testuser1@192.168.1.9922/54531.1.23.tar Ftp//192.168.1.100/54531.1.24.tarProfessional Access Point Administrator Guide Reboot Reset ConfigurationUpgrade Professional Access Point Administrator Guide Backup/Restore Navigating to Backup and Restore SettingsBacking up Configuration Setting for an Access Point Restoring Access Point Settings to a Previous ConfigurationProfessional Access Point Administrator Guide Command Line Interface Professional Access Point Administrator Guide Basic Settings Yes Described in Backup/Restore on How to Access the CLI for an Access Point Telnet Connection to the Access PointUSR5453-AP login Password USR5453-AP login admin Password Enter help for helpSSH2 Connection to the Access Point Telnet Function Telnet CommandStatus Status DownLogin as USR5453-AP#Quick View of Commands and How to Get Help Commands and SyntaxSSH Function SSH Command Set ssh StatusCommand Get logGet log-entry Get bss wlan0bssInternalCommand Description Add radius-user wallyGetting Help on Commands at the CLI Remove radius-user wallyCommand Usage and Configuration Examples Ready to Get Started?Professional Access Point Administrator Guide Understanding Interfaces as Presented in the CLI Interface DescriptionWlan0vwn1 Vlan1234Get interface vlan1234 role Saving Configuration ChangesGet interface vlanVLANID role Basic Setting Example Get the MAC Address for an Access Point Get Both the IP Address and MAC AddressWlan0wds1 Wds Down Wlan0wds2 Wlan0wds3 USR5453-AP# Get the Firmware Version for the Access Point Get the Location of the Access PointSet the Location for an Access Point Get the Current PasswordAccess Point and Cluster Settings Cluster Command ExampleGet MAC Addresses for all Access Points in the Cluster User AccountsUSR5453-AP#get radius-user all name name User Account Command ExampleGet All User Accounts USR5453-AP#set radius-user samantha password westport USR5453-AP#set radius-user samantha disabledAdd Users USR5453-AP#add radius-user samantha username samanthaStatus Command Example Remove a User AccountUSR5453-AP#remove radius-user wally Larry samantha endora darrenUSR5453-AP#get interface br0 Get Current Settings for the Ethernet Wired Guest Interface Get Current Wireless Radio SettingsUSR5453-AP# get radio wlan0 detail Get Status on EventsUSR5453-AP# get log-entry Priority DaemonUSR5453-AP#set log relay-enabled USR5453-AP#set log relay-host USR5453-AP#set log relay-host myserverUSR5453-AP#set log relay-port USR5453-AP# get logGet Client Associations Get neighbouring Access PointsGet Transmit / Receive Statistics USR5453-AP#get detected-ap USR5453-AP# get detected-apEthernet Wired Interface Wired Interface Command ExampleGet Wired Internal Interface Settings Get Wired Guest Interface SettingsSet Up Guest Access Get Summary View of Internal and Guest InterfacesUSR5453-AP# get bss USR5453-AP#get interface brguest status downUSR5453-AP#remove bridge-port br0 interface eth0 USR5453-AP# get interface brguest USR5453-AP#get interface brguest status upUSR5453-AP#get bridge-port brguest USR5453-AP#get bridge-port br0 Name InterfaceGet/Change the Connection Type Dhcp or Static IP USR5453-AP#get dhcp-client status upUSR5453-AP#set dhcp-client status up USR5453-AP#get interface br0 detailRe-Configure Static IP Addressing Values USR5453-AP#get interface br0 static-ipUSR5453-AP#set interface br0 static-ip USR5453-AP#get interface br0 static-maskWireless Interface SecuritySecurity Command Example Get the Current Security ModeGet Detailed Description of Current Security Settings USR5453-AP#get interface wlan0 security noneEnable / Disable Station Isolation Set the Broadcast Ssid Allow or ProhibitSet Security to None USR5453-AP#set interface wlan0 security noneSet Security to Static WEP USR5453-AP#set interface wlan0 security static-wepSet bss wlan0bssInternal open-system-authentication on Set bss wlan0bssInternal shared-key-authentication offSet bss wlan0bssInternal shared-key-authentication on USR5453-AP#set interface wlan0 wep-key-ascii yesUSR5453-AP#get interface wlan0 detail Set Security to Ieee USR5453-AP#set interface wlan0 security dot1xRadius Option Example USR5453-AP#set bss wlan0bssInternal radius-ipUSR5453-AP#set bss wlan0bssInternal radius-key secret Set BssUSR5453-AP#set bss wlan0bssInternal radius-accounting off USR5453-AP#get interface wlan0 security dot1xWPA Option Example Set Security to WPA/WPA2 Personal PSKUSR5453-AP#set interface wlan0 security wpa-personal Cipher Suite Option Example Set bss wlan0bssInternal wpa-cipher-tkip onSet bss wlan0bssInternal wpa-cipher-ccmp off Set bss wlan0bssInternal wpa-cipher-tkip offUSR5453-AP#get interface wlan0 security wpa-personal Set Security to WPA/WPA2 Enterprise RadiusUSR5453-AP#set interface wlan0 security wpa-enterprise Enable Pre-Authentication Cipher Suite Option USR5453-AP#set bss wlan0bssInternal radius-key KeepSecretUSR5453-AP#set bss wlan0bssInternal radius-accounting on USR5453-AP#get interface wlan0 security wpa-enterpriseEnable/Configure Guest Login Welcome View Guest Login SettingsEnable/Disable the Guest Welcome Set Guest Welcome Page TextConfiguring Multiple BSSIDs on Virtual Wireless Networks Review Guest Login SettingsConfiguring Virtual Wireless Network One on Radio One Set interface wlan0vwn1 security wpa-enterpriseRadio Settings Radio Setting Command ExampleGet Ieee 802.11 Radio Mode Creating VWN Two on Radio One with WPA securityGet Radio Channel Get Basic Radio SettingsGet All Radio Settings Configure Radio Settings Get Supported Rate SetUSR5453-AP#get supported-rate Get Basic Rate SetUSR5453-AP#set radio wlan0 mode g USR5453-AP#set radio wlan0 beacon-intervalUSR5453-AP#set bss wlan0bssInternal dtim-period USR5453-AP#get bss wlan0bssInternal dtim-periodUSR5453-AP#set radio wlan0 fragmentation-threshold USR5453-AP#set radio wlan0 rts-thresholdUSR5453-AP#add basic-rate wlan0 rate USR5453-AP#add supported-rate wlan0 rateMAC Filtering USR5453-AP#get supported-rate wlan0 rateAdd MAC Addresses of Client Stations to the Filtering List Specify an Accept or Deny ListSet bss wlan0bssGuest mac-acl-name Guest Get Current MAC Filtering Settings USR5453-AP#remove mac-acl Guest macGet bss interface mac-acl-mode USR5453-AP#get bss wlan0bssGuest mac-acl-mode accept-listLoad Balancing Quality of ServiceQoS Command QoS Command Example Enable/Disable Wi-Fi MultimediaData Access Point Station About Access Point and Station Edca ParametersUnderstanding the Queues for Access Point and Station Get QoS Settings on the Access Point Get QoS Settings on the Client StationUSR5453-AP#get wme-queue Set Arbirtation Interframe Spaces AifsUSR5453-AP#set wme-queue wlan0 with queue vo to aifs Setting Minimum and Maximum Contention Windows cwmin, cwmaxSet wme-queue wlan0 with queue QueueName to aifs AIFSValue Set tx-queue wlan0 with queue QueueName to burst burstValue Set the Maximum Burst Length burst on the Access PointUSR5453-AP#set wme-queue wlan0 with queue vi cwmin 7 cwmax USR5453-AP#set tx-queue wlan0 with queue data2 to burst USR5453-AP#set wme-queue wlan0 with queue vo to txop-limitWireless Distribution System Configuring a WDS LinkGetting Details on a WDS Configuration USR5453-AP#set interface wlan0wds0 remote-mac 00E0B8761B14USR5453-AP#get ntp detail Time ProtocolSet ntp server ntp.instant802.com Reboot the Access Point Reset the Access Point to Factory DefaultsUSR5453-AP#factory-reset Keyboard Shortcuts and Tab Completion HelpAction on CLI Keyboard Shortcut Keyboard ShortcutsTab Completion and Help USR5453-AP#get system v USR5453-AP#get system version CLI Class and Field Overview USR5453-AP# set mac-aclField Reference on Has name? \ # of instances? One MultipleCLI Class Relationships Class Description Class IndexAssociation Authenticated Field IndexInterface StationBasic-rate Bridge-portPriority BssPath-cost Status DescriptionRadio Beacon-interfaceMac Dtim-periodMax-stations Ignore-broadcast-ssidOpen-system-authentication Channel-plannerCluster Cluster-memberConfig DefaultNo-external-updates DebugDetected-ap Field DescriptionBeacon-interval CapabilityType Dhcp-client ErpBeacons Last-beaconDot11 HostDebug Dot11dDns-12 DomainStatic-dns-12 Static-domainInterface MaskRx-errors TypeStatic-ip Static-maskTx-errors Rx-compressedRx-multicast Tx-packetsIp-route Jvm KickstartdLog GatewayLog-entry DepthNumber TimeMac-acl NtpMessage ServerWelcome-screen-text PortalWelcome-screen Max-bss Tx-power Max-bssChannel-policy ModeWmewifinoacktest Rts-thresholdFragmentation-threshold Load-balance-disassociation-utilizationRadius-user SerialSnmp Ro-communitySsh Supported-rateSystem Rw-communityPassword Encrypted-passwordPassword-initialized TelnetQueue Tx-queueCommunity Web-ui Wme-queueProfessional Access Point Detection Utility does not find Possible SolutionAccess point Cannot access the Web User InterfaceMy wireless device cannot find the wireless network Possible Solution Wireless Distribution System WDS Problems and Solutions Am experiencing poor wireless link qualityCluster Recovery Reboot or Reset Access PointStop Clustering and Reset Each Access Point in the Cluster Click Stop ClusteringProfessional Access Point Administrator Guide Support Information Country Webmail VoiceUAE Declaration of Conformity Detachable Antenna InformationFCC Radiation Exposure Statement Radio and Television InterferenceUL Listing/CUL Listing For Canadian UsersIndustry Canada IC CE Compliance Declaration of ConformityEU Detachable Antenna Information Regulatory Channel FrequencyEU Health Protection Professional Access Point Administrator Guide Professional Access Point Administrator Guide Robotics Corporation Two 2 Year Limited Warranty Obtaining Warranty Service Limitations Disclaimer 802 802.1x802.2 802.3802.11b 802.11d802.11e 802.11fAES Beacon BridgeBroadcast Broadcast AddressBssid CcmpCGI CSMA/CADCF DhcpDNS DOMEAP EdcfESS EthernetFrame GatewayHtml HttpInfrastructure Mode IbssIeee Intrusion DetectionIPSec ISPJitter LatencyLAN LdapLLC MACNAT NICNTP OSIPacket Packet LossPHY PIDPPP PSKRadius RC4Rssi RTPSTP SnmpSsid Supported Rate Set TCPTCP/IP TkipUDP UnicastURL VlanWAN WDSWEP WinsWMM WPA WPA2Wrap XMLIndex DCF Ieee Snmp WDS Index-328