Ieee | USRobotics Instant802 APSDK guide

Professional Access Point

Administrator Guide

Figure 9. Example of Using Multiple WEP Keys and Transfer Key Index on Client Devices

			y1
		e
	Pk
E
W
					y3
				e
			Pk
		E
		W

can decrypt WEP key 3 transmits in WEP key 1

Client Station 1
WEP key 3		can decrypt WEP key 3
		can decrypt WEP key 3
		transmits in WEP key 2
		transmits in WEP key 2

WEP key 2

Access Point transmits to both stations with WEP key 3

Client Station 2

IEEE 802.1x

IEEE 802.1x is the standard that defines port-based authentication and provides a framework for implementing key management. Extensible Authentication Protocol (EAP) packets are sent over an IEEE

802.11wireless network using a protocol called EAP Encapsulation Over LANs (EAPOL). IEEE 802.1x provides dynamically-generated keys that are periodically refreshed. An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking (CRC) of each 802.11 frame.

The IEEE 802.1x security mode requires the use of a RADIUS server to authenticate users and requires configuration of user accounts via the Cluster menu’s User Management page.

The access point requires a RADIUS server capable of EAP, such as the Microsoft Internet Authentication Server or the Professional Access Point internal authentication server. To work with Windows clients, the authentication server must support Protected EAP (PEAP) and MSCHAP V2.

When configuring IEEE 802.1x mode, you can use either the embedded RADIUS server or an external RADIUS server that you provide. The Professional Access Point embedded RADIUS server supports Protected EAP (PEAP) and MSCHAP V2.

If you use your own RADIUS server, you can use any of a variety of authentication methods that the IEEE 802.1x mode supports, including certificates, Kerberos, and public key authentication. Keep in mind, however, that the clients must be configured to use the same authentication method being used by the access point.

If you select IEEE 802.1x Security Mode, you must provide the following:

Security - 114

Image 114

USRobotics Instant802 APSDK manual Ieee

Contents

Professional Access Point Administrator Guide R46.1224.00 rev 2.0 07/06Page Professional Access Point Administrator Guide USA Professional Access Point Administrator Guide Contents Class and Field Reference Class Structure, Commands, and ExamplesAdvanced Support Information Robotics Corporation Two 2 Year Limited Warranty Viii Administrator Audience Online Help Features Recommended Settings, Notes and Cautions Typographical Conventions Getting Started Wireless Features Features and BenefitsIeee Standards Support and Wi-Fi Compliance Security Features Guest Interface Clustering and Auto-ManagementNetworking What’s Next? Snmp SupportMaintainability Professional Access Point Default Settings for the Professional Access Point Option Default Settings Related Information Security Mode None Ieee 802.11 ModeTransmit Power Authentication Type Administrator’s Computer What the Access Point Does Not ProvideRequired Software or Component Description Wireless Client Computers Required Component Description How Does the Access Point Obtain an IP Address at Startup? Dynamic IP AddressingRequired Component Recovering an IP Address Static IP Addressing Professional Access Point Administrator Guide Unpack the access point Access Point Hardware and PortsWhat’s inside the Access Point? Connect the access point to network and power UK Users Hardware Connections for a Guest Vlan Professional Access Point Administrator Guide Professional Access Point Administrator Guide Professional Access Point Administrator Guide Log on to the Web User Interface Viewing Basic Settings for Access PointsField Default Setting Username Configure Basic Settings and start the wireless network Default Configuration Wall Mounting the Access Point Make Sure the Access Point is Connected to the LAN Test LAN Connectivity with Wireless Clients Web User Interface Navigating to Basic Settings MAC Address Review / Describe the Access PointField Description Firmware Version Administrator Password again Provide Administrator Password and Wireless Network NameAdministrator Password Wireless Network Name Ssid Set Configuration Policy for New Access Points New Access PointsField Update Basic Settings Summary of Settings Basic Settings for a Standalone Access Point Your Network at a Glance Understanding Indicator IconsIcon Description Professional Access Point Administrator Guide Access Points Cluster Navigating to Access Points Management Understanding Clustering What is a Cluster? How Many APs Can a Cluster Support?What Kinds of APs Can Cluster? Settings Not Shared by the Cluster Cluster Mode Standalone ModeCluster Formation Cluster Size and Membership Understanding Access Point SettingsAuto-Synchronization of Cluster Configuration Intra-Cluster Security Removing an Access Point from the Cluster Modifying the Location Description Adding an Access Point to a Cluster Http//IPAddressOfAccessPoint Professional Access Point Administrator Guide Professional Access Point Administrator Guide User Management Navigating to User Management for Clustered Access Points Viewing User AccountsAdding a User Enabling a User Account Editing a User AccountEnabling and Disabling User Accounts Real Name Backing Up and Restoring a User Database Restoring a User Database from a Backup FileRemoving a User Account Disabling a User Account Professional Access Point Administrator Guide Professional Access Point Administrator Guide Sessions Navigating to Session Monitoring Understanding Session Monitoring Information User AP Location User MAC Idle Rate Sorting Session Information Viewing Session Information for Access PointsSignal Utilization Rx Total Tx Total Error Rate Refreshing Session Information Professional Access Point Administrator Guide Channel Management How it Works Overview Navigating to Channel ManagementUnderstanding Channel Management Overlapping Channels Background Information Configuring and Viewing Channel Management Settings Example a Network before and after Channel Management Stopping/Starting Automatic Channel Assignment IP Address Band Current Locked Viewing Current Channel Assignments and Setting LocksViewing Last Proposed Set of Changes IP Address Current Proposed Change channels if interference is reduced by at least Use these channels when applying channel assignmentsAdvanced Determine if there is better set of channels every Apply channel modifications even when the network is busy Professional Access Point Administrator Guide Wireless Neighborhood Navigating to Wireless Neighborhood Understanding Wireless Neighbourhood Information Viewing Wireless Neighborhood Display neighboring APsCluster Neighbors Viewing Details for a Cluster Member Details for a Cluster Member AP Signal ChannelBeacon Age Status Interfaces Ethernet Wired Settings Wireless Settings Events Log Relay Host for Kernel Messages SYSLOGD=-r Setting Up the Log Relay HostUnderstanding Remote Logging Tmp/APsyslog Etc/init.d/sysklogd restart Log Relay Host EnabledEnabled Relay Host Transmit/Receive Statistics Events Log Name Ssid ErrorsClient Associations Total Packets What is the Difference Between an Association and a Session? Link Integrity Monitoring Neighboring Access Points Select AP Detection Enabled Beacon Int TypePrivacy # of Beacons Last BeaconRates Professional Access Point Administrator Guide Ethernet Wired Settings Advanced Navigating to Ethernet Wired Settings Configuring an Internal LAN and a Guest Network Setting the DNS NameManaging Guest Access Enabling and Disabling Guest Access Guest Access For Guest access, useSpecifying a Virtual Guest Network Configuring Internal Interface Ethernet Settings Virtual Wireless Networks Default Gateway Static IP AddressDNS Nameservers Configuring Guest Interface Ethernet Wired Settings Updating SettingsSubnet Professional Access Point Administrator Guide Wireless Settings Navigating to Wireless Settings Configuring 802.11d Regulatory Domain Support 802.11d Regulatory Domain Support Configuring the Radio Interface Configuring Internal LAN Wireless SettingsMode Channel Configuring Guest Network Wireless Settings Read-only field Understanding Security Issues on Wireless Networks How Do I Know Which Security Mode to Use?Security When to Use No Security User Authentication Key ManagementEncryption Algorithm Encryption Algorithms When to Use WPA/WPA2 Enterprise Radius Does Prohibiting the Broadcast of Ssid Enhance Security? How Does Station Isolation Protect the Network? Navigating to Security Settings Configuring Security SettingsBroadcast SSID, Station Isolation, and Security Mode None Static WEP Professional Access Point Administrator Guide Bits Transfer Key IndexKey Length Key Type Authentication Algorithm Open System Shared Key Both Example of Using Static WEP Static WEP with Transfer KEY Indexes on Client Devices Ieee WPA/WPA2 Personal PSK Authentication ServerEnable Radius Accounting Radius IP WPA Versions Cipher Suites WPA/WPA2 Enterprise Radius Key Enable pre-authentication Improving the security of the network Enter the Radius IP Professional Access Point Administrator Guide Guest Login Configuring Guest Access Using Virtual LANsConfiguring a Guest Network on a Virtual LAN DSL/T1 Configuring the Welcome Screen Captive Portal Using the Guest Network Configuring Guest Access without Virtual LANs Configuring a Guest Network on a Dedicated Access Point Virtual Wireless Networks Navigating to Virtual Wireless Network Settings One Configuring VLANsVirtual Wireless Network Two Ton Professional Access Point Administrator Guide Understanding Radio Settings Radio Navigating to Radio Settings Configuring Radio SettingsStatus On/Off Mode Ieee 802.11bSuper G Maximum Stations Rate Sets Broadcast a subset of its supported rate sets Professional Access Point Administrator Guide Navigating to MAC Filtering Settings MAC Filtering Using MAC Filtering Filter Stations List Professional Access Point Administrator Guide Load Balancing Understanding Load BalancingSpecifying Limits for Utilization and Client Associations Navigating to Load Balancing Settings Configuring Load BalancingLoad Balancing and QoS Stations Threshold for Disassocia Utilization for No New AssociationsUtilization for Disassociation Tion To apply your changes, click Update Settings QoS and Load Balancing Quality of ServiceUnderstanding QoS 802.11e and WMM Standards Support QoS Queues and Parameters to Coordinate Traffic Flow Professional Access Point Administrator Guide Random Backoff and Minimum / Maximum Contention Windows Navigating to QoS Settings Configuring QoS Queues Configuring AP Edca Parameters Enabling/Disabling Wi-Fi Multimedia Configuring Station Edca Parameters Data 0 Voice Txop Limit Transmission Opportunity Limit Professional Access Point Administrator Guide Wireless Distribution System Understanding the Wireless Distribution SystemUsing WDS to Bridge Distant Wired LANs Backup Links and Unwanted Loops in WDS Bridges LAN Segment Navigating to WDS Settings Security Considerations Related to WDS Bridges Configuring WDS Settings Bridge with Local AddressRemote Address Internal Network Example of Configuring a WDS Link DisabledWEP Key Local Address Professional Access Point Administrator Guide Navigating to Time Protocol Settings Time Protocol Enabling and Disabling a Network Time Protocol NTP Server NTP Server Professional Access Point Administrator Guide Snmp Understanding Snmp Navigating to Simple Network Management Protocol Allow Snmp SET Requests Enable SnmpRead-only Community Name entire Read-write community name for per Configuring Your Network Management System Rebooting and Upgrading Your Access Point Using SnmpSource hostname or subnet Ftp//testuser1testuser1@192.168.1.9922/54531.1.23.tar Rebooting Your Access Point Using SnmpUpgrading your Access Point Ftp//192.168.1.100/54531.1.24.tar Professional Access Point Administrator Guide Reboot Reset Configuration Upgrade Professional Access Point Administrator Guide Backup/Restore Navigating to Backup and Restore Settings Backing up Configuration Setting for an Access Point Restoring Access Point Settings to a Previous Configuration Professional Access Point Administrator Guide Command Line Interface Professional Access Point Administrator Guide Basic Settings Yes Described in Backup/Restore on USR5453-AP login Password How to Access the CLI for an Access PointTelnet Connection to the Access Point USR5453-AP login admin Password Enter help for help Status SSH2 Connection to the Access PointTelnet Function Telnet Command Status Down Login as USR5453-AP# SSH Function SSH Command Quick View of Commands and How to Get HelpCommands and Syntax Set ssh Status Get log-entry CommandGet log Get bss wlan0bssInternal Command Description Add radius-user wally Getting Help on Commands at the CLI Remove radius-user wally Command Usage and Configuration Examples Ready to Get Started? Professional Access Point Administrator Guide Wlan0vwn1 Understanding Interfaces as Presented in the CLIInterface Description Vlan1234 Saving Configuration Changes Get interface vlanVLANID roleGet interface vlan1234 role Basic Setting Example Get the MAC Address for an Access Point Get Both the IP Address and MAC Address Wlan0wds1 Wds Down Wlan0wds2 Wlan0wds3 USR5453-AP# Set the Location for an Access Point Get the Firmware Version for the Access PointGet the Location of the Access Point Get the Current Password Get MAC Addresses for all Access Points in the Cluster Access Point and Cluster SettingsCluster Command Example User Accounts User Account Command Example Get All User AccountsUSR5453-AP#get radius-user all name name Add Users USR5453-AP#set radius-user samantha password westportUSR5453-AP#set radius-user samantha disabled USR5453-AP#add radius-user samantha username samantha USR5453-AP#remove radius-user wally Status Command ExampleRemove a User Account Larry samantha endora darren USR5453-AP#get interface br0 Get Current Settings for the Ethernet Wired Guest Interface Get Current Wireless Radio Settings USR5453-AP# get log-entry USR5453-AP# get radio wlan0 detailGet Status on Events Priority Daemon USR5453-AP#set log relay-enabled USR5453-AP#set log relay-port USR5453-AP#set log relay-hostUSR5453-AP#set log relay-host myserver USR5453-AP# get log Get neighbouring Access Points Get Transmit / Receive StatisticsGet Client Associations USR5453-AP#get detected-ap USR5453-AP# get detected-ap Ethernet Wired Interface Wired Interface Command Example Set Up Guest Access Get Wired Internal Interface SettingsGet Wired Guest Interface Settings Get Summary View of Internal and Guest Interfaces USR5453-AP#get interface brguest status down USR5453-AP#remove bridge-port br0 interface eth0USR5453-AP# get bss USR5453-AP#get bridge-port brguest USR5453-AP# get interface brguestUSR5453-AP#get interface brguest status up USR5453-AP#get bridge-port br0 Name Interface USR5453-AP#set dhcp-client status up Get/Change the Connection Type Dhcp or Static IPUSR5453-AP#get dhcp-client status up USR5453-AP#get interface br0 detail USR5453-AP#set interface br0 static-ip Re-Configure Static IP Addressing ValuesUSR5453-AP#get interface br0 static-ip USR5453-AP#get interface br0 static-mask Wireless Interface Security Get Detailed Description of Current Security Settings Security Command ExampleGet the Current Security Mode USR5453-AP#get interface wlan0 security none Enable / Disable Station Isolation Set the Broadcast Ssid Allow or Prohibit Set Security to Static WEP Set Security to NoneUSR5453-AP#set interface wlan0 security none USR5453-AP#set interface wlan0 security static-wep Set bss wlan0bssInternal shared-key-authentication on Set bss wlan0bssInternal open-system-authentication onSet bss wlan0bssInternal shared-key-authentication off USR5453-AP#set interface wlan0 wep-key-ascii yes USR5453-AP#get interface wlan0 detail Radius Option Example Set Security to IeeeUSR5453-AP#set interface wlan0 security dot1x USR5453-AP#set bss wlan0bssInternal radius-ip USR5453-AP#set bss wlan0bssInternal radius-accounting off USR5453-AP#set bss wlan0bssInternal radius-key secretSet Bss USR5453-AP#get interface wlan0 security dot1x Set Security to WPA/WPA2 Personal PSK USR5453-AP#set interface wlan0 security wpa-personalWPA Option Example Set bss wlan0bssInternal wpa-cipher-ccmp off Cipher Suite Option ExampleSet bss wlan0bssInternal wpa-cipher-tkip on Set bss wlan0bssInternal wpa-cipher-tkip off USR5453-AP#get interface wlan0 security wpa-personal Set Security to WPA/WPA2 Enterprise Radius USR5453-AP#set interface wlan0 security wpa-enterprise Enable Pre-Authentication Cipher Suite Option USR5453-AP#set bss wlan0bssInternal radius-key KeepSecret USR5453-AP#set bss wlan0bssInternal radius-accounting on USR5453-AP#get interface wlan0 security wpa-enterprise Enable/Disable the Guest Welcome Enable/Configure Guest Login WelcomeView Guest Login Settings Set Guest Welcome Page Text Configuring Virtual Wireless Network One on Radio One Configuring Multiple BSSIDs on Virtual Wireless NetworksReview Guest Login Settings Set interface wlan0vwn1 security wpa-enterprise Get Ieee 802.11 Radio Mode Radio SettingsRadio Setting Command Example Creating VWN Two on Radio One with WPA security Get Basic Radio Settings Get All Radio SettingsGet Radio Channel USR5453-AP#get supported-rate Configure Radio SettingsGet Supported Rate Set Get Basic Rate Set USR5453-AP#set bss wlan0bssInternal dtim-period USR5453-AP#set radio wlan0 mode gUSR5453-AP#set radio wlan0 beacon-interval USR5453-AP#get bss wlan0bssInternal dtim-period USR5453-AP#add basic-rate wlan0 rate USR5453-AP#set radio wlan0 fragmentation-thresholdUSR5453-AP#set radio wlan0 rts-threshold USR5453-AP#add supported-rate wlan0 rate MAC Filtering USR5453-AP#get supported-rate wlan0 rate Specify an Accept or Deny List Set bss wlan0bssGuest mac-acl-name GuestAdd MAC Addresses of Client Stations to the Filtering List Get bss interface mac-acl-mode Get Current MAC Filtering SettingsUSR5453-AP#remove mac-acl Guest mac USR5453-AP#get bss wlan0bssGuest mac-acl-mode accept-list Quality of Service QoS CommandLoad Balancing QoS Command Example Enable/Disable Wi-Fi Multimedia About Access Point and Station Edca Parameters Understanding the Queues for Access Point and StationData Access Point Station USR5453-AP#get wme-queue Get QoS Settings on the Access PointGet QoS Settings on the Client Station Set Arbirtation Interframe Spaces Aifs Setting Minimum and Maximum Contention Windows cwmin, cwmax Set wme-queue wlan0 with queue QueueName to aifs AIFSValueUSR5453-AP#set wme-queue wlan0 with queue vo to aifs Set the Maximum Burst Length burst on the Access Point USR5453-AP#set wme-queue wlan0 with queue vi cwmin 7 cwmaxSet tx-queue wlan0 with queue QueueName to burst burstValue USR5453-AP#set tx-queue wlan0 with queue data2 to burst USR5453-AP#set wme-queue wlan0 with queue vo to txop-limit Getting Details on a WDS Configuration Wireless Distribution SystemConfiguring a WDS Link USR5453-AP#set interface wlan0wds0 remote-mac 00E0B8761B14 Time Protocol Set ntp server ntp.instant802.comUSR5453-AP#get ntp detail USR5453-AP#factory-reset Reboot the Access PointReset the Access Point to Factory Defaults Keyboard Shortcuts and Tab Completion Help Keyboard Shortcuts Tab Completion and HelpAction on CLI Keyboard Shortcut USR5453-AP#get system v USR5453-AP#get system version CLI Class and Field Overview USR5453-AP# set mac-acl Field Reference on Has name? \ # of instances? One Multiple CLI Class Relationships Class Index AssociationClass Description Interface AuthenticatedField Index Station Basic-rate Bridge-port Bss Path-costPriority Radio StatusDescription Beacon-interface Max-stations MacDtim-period Ignore-broadcast-ssid Cluster Open-system-authenticationChannel-planner Cluster-member No-external-updates ConfigDefault Debug Detected-ap Field Description Beacon-interval Capability Type Beacons Dhcp-clientErp Last-beacon Debug Dot11Host Dot11d Static-dns-12 Dns-12Domain Static-domain Interface Mask Static-ip Rx-errorsType Static-mask Rx-multicast Tx-errorsRx-compressed Tx-packets Ip-route Log JvmKickstartd Gateway Number Log-entryDepth Time Message Mac-aclNtp Server Portal Welcome-screenWelcome-screen-text Max-bss Channel-policy Tx-powerMax-bss Mode Fragmentation-threshold WmewifinoacktestRts-threshold Load-balance-disassociation-utilization Snmp Radius-userSerial Ro-community System SshSupported-rate Rw-community Password-initialized PasswordEncrypted-password Telnet Tx-queue CommunityQueue Web-ui Wme-queue Professional Access Point Detection Utility does not find Possible Solution Access point Cannot access the Web User Interface My wireless device cannot find the wireless network Possible Solution Wireless Distribution System WDS Problems and Solutions Am experiencing poor wireless link quality Cluster Recovery Reboot or Reset Access Point Stop Clustering and Reset Each Access Point in the Cluster Click Stop Clustering Professional Access Point Administrator Guide Support Information Country Webmail Voice UAE FCC Radiation Exposure Statement Declaration of ConformityDetachable Antenna Information Radio and Television Interference For Canadian Users Industry Canada ICUL Listing/CUL Listing CE Compliance Declaration of Conformity Regulatory Channel Frequency EU Health ProtectionEU Detachable Antenna Information Professional Access Point Administrator Guide Professional Access Point Administrator Guide Robotics Corporation Two 2 Year Limited Warranty Obtaining Warranty Service Limitations Disclaimer 802.2 802802.1x 802.3 802.11e 802.11b802.11d 802.11f AES Broadcast BeaconBridge Broadcast Address CGI BssidCcmp CSMA/CA DNS DCFDhcp DOM ESS EAPEdcf Ethernet Html FrameGateway Http Ieee Infrastructure ModeIbss Intrusion Detection Jitter IPSecISP Latency LLC LANLdap MAC NTP NATNIC OSI PHY PacketPacket Loss PID PPP PSK Rssi RadiusRC4 RTP Snmp SsidSTP TCP/IP Supported Rate SetTCP Tkip URL UDPUnicast Vlan WEP WANWDS Wins Wrap WMM WPAWPA2 XML Index DCF Ieee Snmp WDS Index-328