Enable pre-authentication | USRobotics Instant802 APSDK specs

Professional Access Point Administrator Guide

Field

Description

Enable pre-authentication	If for WPA Versions you select WPA2 or Both, you can enable pre-authentication for
	WPA2 clients.
	Click Enable pre-authenticationif you want WPA2 wireless clients to send pre-authen-
	tication packet. The pre-authentication information will be relayed from the access
	point the client is currently using to the target access point. Enabling this feature
	can help speed up authentication for roaming clients who connect to multiple
	access points.
	This option does not apply if you selected WPA for WPA Versions because the orig-
	inal WPA does not support this feature.

Cipher Suites	Select the cipher you want to use from the list:
	• TKIP—Temporal Key Integrity Protocol (TKIP) provides a more secure encryption
	solution than WEP keys. The TKIP process more frequently changes the encryp-
	tion key used and better ensures that the same key will not be reused to encrypt
	data (a weakness of WEP). TKIP uses a 128-bit temporal key shared by clients
	and access points. The temporal key is combined with the client's MAC address
	and a 16-octet initialization vector to produce the key that will encrypt the data.
	This ensures that each client uses a different key to encrypt data. TKIP uses
	RC4 to perform the encryption, which is the same as WEP. But TKIP changes
	temporal keys every 10,000 packets and distributes them, thereby greatly
	improving the security of the network.
	• CCMP (AES)—Countermode/CBC-MAC Protocol (CCMP) is an encryption method for
	IEEE 802.11i that uses the Advanced Encryption Algorithm (AES). It uses a CCM
	combined with Cipher Block Chaining Counter mode (CBC-CTR) and Cipher Block Chain-
	ing Message Authentication Code (CBC-MAC) for encryption and message integrity.
	• Both—The default. When the authentication algorithm is set to Both, both TKIP
	and AES clients can associate with the access point. Clients configured to use WPA
	with RADIUS must have one of the following to be able to associate with the access
	point:
	• A valid TKIP RADIUS IP address and RADIUS Key
	• A valid CCMP (AES) IP address and RADIUS Key
	Clients not configured to use WPA with RADIUS will not be able to associate with
	access point.

Authentication Server	Select one of the following from list:
	• Built-in—To use the authentication server provided with the Professional Access
	Point. If you choose this option, you do not have to provide the Radius IP and
	Radius Key; they are automatically provided.
	• External—To use an external authentication server. If you choose this option you
	must supply a Radius IP and Radius Key of the server you want to use.
	Note: The RADIUS server is identified by its IP address and UDP port numbers for
	the different services it provides. On the Professional Access Point, the RADIUS
	server User Datagram Protocol (UDP) ports used by the access point are not con-
	figurable. The Professional Access Point is hard-coded to use RADIUS server UDP
	port 1812 for authentication and port 1813 for accounting.

Security - 118

Image 118

USRobotics Instant802 APSDK manual Enable pre-authentication, Improving the security of the network

Contents

Professional Access Point Administrator Guide R46.1224.00 rev 2.0 07/06Page Professional Access Point Administrator Guide USA Professional Access Point Administrator Guide Contents Class and Field Reference Class Structure, Commands, and ExamplesAdvanced Support Information Robotics Corporation Two 2 Year Limited Warranty Viii Administrator Audience Online Help Features Recommended Settings, Notes and Cautions Typographical Conventions Getting Started Wireless Features Features and BenefitsIeee Standards Support and Wi-Fi Compliance Security Features Clustering and Auto-Management Guest InterfaceNetworking Snmp Support What’s Next?Maintainability Professional Access Point Default Settings for the Professional Access Point Option Default Settings Related Information Security Mode None Ieee 802.11 ModeTransmit Power Authentication Type What the Access Point Does Not Provide Administrator’s ComputerRequired Software or Component Description Wireless Client Computers Required Component Description Dynamic IP Addressing How Does the Access Point Obtain an IP Address at Startup?Required Component Recovering an IP Address Static IP Addressing Professional Access Point Administrator Guide Access Point Hardware and Ports Unpack the access pointWhat’s inside the Access Point? Connect the access point to network and power UK Users Hardware Connections for a Guest Vlan Professional Access Point Administrator Guide Professional Access Point Administrator Guide Professional Access Point Administrator Guide Log on to the Web User Interface Viewing Basic Settings for Access PointsField Default Setting Username Configure Basic Settings and start the wireless network Default Configuration Wall Mounting the Access Point Make Sure the Access Point is Connected to the LAN Test LAN Connectivity with Wireless Clients Web User Interface Navigating to Basic Settings MAC Address Review / Describe the Access PointField Description Firmware Version Administrator Password again Provide Administrator Password and Wireless Network NameAdministrator Password Wireless Network Name Ssid New Access Points Set Configuration Policy for New Access PointsField Update Basic Settings Summary of Settings Your Network at a Glance Understanding Indicator Icons Basic Settings for a Standalone Access PointIcon Description Professional Access Point Administrator Guide Access Points Cluster Navigating to Access Points Management Understanding Clustering How Many APs Can a Cluster Support? What is a Cluster?What Kinds of APs Can Cluster? Settings Not Shared by the Cluster Standalone Mode Cluster ModeCluster Formation Cluster Size and Membership Understanding Access Point SettingsAuto-Synchronization of Cluster Configuration Intra-Cluster Security Removing an Access Point from the Cluster Modifying the Location Description Adding an Access Point to a Cluster Http//IPAddressOfAccessPoint Professional Access Point Administrator Guide Professional Access Point Administrator Guide User Management Viewing User Accounts Navigating to User Management for Clustered Access PointsAdding a User Enabling a User Account Editing a User AccountEnabling and Disabling User Accounts Real Name Backing Up and Restoring a User Database Restoring a User Database from a Backup FileRemoving a User Account Disabling a User Account Professional Access Point Administrator Guide Professional Access Point Administrator Guide Sessions Navigating to Session Monitoring Understanding Session Monitoring Information User AP Location User MAC Idle Rate Sorting Session Information Viewing Session Information for Access PointsSignal Utilization Rx Total Tx Total Error Rate Refreshing Session Information Professional Access Point Administrator Guide Channel Management How it Works Overview Navigating to Channel ManagementUnderstanding Channel Management Overlapping Channels Background Information Configuring and Viewing Channel Management Settings Example a Network before and after Channel Management Stopping/Starting Automatic Channel Assignment IP Address Band Current Locked Viewing Current Channel Assignments and Setting LocksViewing Last Proposed Set of Changes IP Address Current Proposed Change channels if interference is reduced by at least Use these channels when applying channel assignmentsAdvanced Determine if there is better set of channels every Apply channel modifications even when the network is busy Professional Access Point Administrator Guide Wireless Neighborhood Navigating to Wireless Neighborhood Understanding Wireless Neighbourhood Information Display neighboring APs Viewing Wireless NeighborhoodCluster Neighbors Viewing Details for a Cluster Member Details for a Cluster Member AP Channel SignalBeacon Age Status Interfaces Ethernet Wired Settings Wireless Settings Events Log Relay Host for Kernel Messages SYSLOGD=-r Setting Up the Log Relay HostUnderstanding Remote Logging Tmp/APsyslog Etc/init.d/sysklogd restart Log Relay Host EnabledEnabled Relay Host Transmit/Receive Statistics Events Log Name Ssid ErrorsClient Associations Total Packets What is the Difference Between an Association and a Session? Link Integrity Monitoring Neighboring Access Points Select AP Detection Enabled Type Beacon IntPrivacy Last Beacon # of BeaconsRates Professional Access Point Administrator Guide Ethernet Wired Settings Advanced Navigating to Ethernet Wired Settings Configuring an Internal LAN and a Guest Network Setting the DNS NameManaging Guest Access Enabling and Disabling Guest Access For Guest access, use Guest AccessSpecifying a Virtual Guest Network Configuring Internal Interface Ethernet Settings Virtual Wireless Networks Static IP Address Default GatewayDNS Nameservers Updating Settings Configuring Guest Interface Ethernet Wired SettingsSubnet Professional Access Point Administrator Guide Wireless Settings Navigating to Wireless Settings Configuring 802.11d Regulatory Domain Support 802.11d Regulatory Domain Support Configuring Internal LAN Wireless Settings Configuring the Radio InterfaceMode Channel Configuring Guest Network Wireless Settings Read-only field How Do I Know Which Security Mode to Use? Understanding Security Issues on Wireless NetworksSecurity When to Use No Security Key Management User AuthenticationEncryption Algorithm Encryption Algorithms When to Use WPA/WPA2 Enterprise Radius Does Prohibiting the Broadcast of Ssid Enhance Security? How Does Station Isolation Protect the Network? Configuring Security Settings Navigating to Security SettingsBroadcast SSID, Station Isolation, and Security Mode None Static WEP Professional Access Point Administrator Guide Bits Transfer Key IndexKey Length Key Type Authentication Algorithm Open System Shared Key Both Example of Using Static WEP Static WEP with Transfer KEY Indexes on Client Devices Ieee WPA/WPA2 Personal PSK Authentication ServerEnable Radius Accounting Radius IP WPA Versions Cipher Suites WPA/WPA2 Enterprise Radius Key Enable pre-authentication Improving the security of the network Enter the Radius IP Professional Access Point Administrator Guide Configuring Guest Access Using Virtual LANs Guest LoginConfiguring a Guest Network on a Virtual LAN DSL/T1 Configuring the Welcome Screen Captive Portal Using the Guest Network Configuring Guest Access without Virtual LANs Configuring a Guest Network on a Dedicated Access Point Virtual Wireless Networks Navigating to Virtual Wireless Network Settings One Configuring VLANsVirtual Wireless Network Two Ton Professional Access Point Administrator Guide Understanding Radio Settings Radio Configuring Radio Settings Navigating to Radio SettingsStatus On/Off Ieee 802.11b ModeSuper G Maximum Stations Rate Sets Broadcast a subset of its supported rate sets Professional Access Point Administrator Guide Navigating to MAC Filtering Settings MAC Filtering Using MAC Filtering Filter Stations List Professional Access Point Administrator Guide Understanding Load Balancing Load BalancingSpecifying Limits for Utilization and Client Associations Configuring Load Balancing Navigating to Load Balancing SettingsLoad Balancing and QoS Stations Threshold for Disassocia Utilization for No New AssociationsUtilization for Disassociation Tion To apply your changes, click Update Settings QoS and Load Balancing Quality of ServiceUnderstanding QoS 802.11e and WMM Standards Support QoS Queues and Parameters to Coordinate Traffic Flow Professional Access Point Administrator Guide Random Backoff and Minimum / Maximum Contention Windows Navigating to QoS Settings Configuring QoS Queues Configuring AP Edca Parameters Enabling/Disabling Wi-Fi Multimedia Configuring Station Edca Parameters Data 0 Voice Txop Limit Transmission Opportunity Limit Professional Access Point Administrator Guide Understanding the Wireless Distribution System Wireless Distribution SystemUsing WDS to Bridge Distant Wired LANs Backup Links and Unwanted Loops in WDS Bridges LAN Segment Navigating to WDS Settings Security Considerations Related to WDS Bridges Configuring WDS Settings Bridge with Local AddressRemote Address Internal Network Disabled Example of Configuring a WDS LinkWEP Key Local Address Professional Access Point Administrator Guide Navigating to Time Protocol Settings Time Protocol Enabling and Disabling a Network Time Protocol NTP Server NTP Server Professional Access Point Administrator Guide Snmp Understanding Snmp Navigating to Simple Network Management Protocol Allow Snmp SET Requests Enable SnmpRead-only Community Name entire Read-write community name for per Rebooting and Upgrading Your Access Point Using Snmp Configuring Your Network Management SystemSource hostname or subnet Ftp//testuser1testuser1@192.168.1.9922/54531.1.23.tar Rebooting Your Access Point Using SnmpUpgrading your Access Point Ftp//192.168.1.100/54531.1.24.tar Professional Access Point Administrator Guide Reboot Reset Configuration Upgrade Professional Access Point Administrator Guide Backup/Restore Navigating to Backup and Restore Settings Backing up Configuration Setting for an Access Point Restoring Access Point Settings to a Previous Configuration Professional Access Point Administrator Guide Command Line Interface Professional Access Point Administrator Guide Basic Settings Yes Described in Backup/Restore on USR5453-AP login Password How to Access the CLI for an Access PointTelnet Connection to the Access Point USR5453-AP login admin Password Enter help for help Status SSH2 Connection to the Access PointTelnet Function Telnet Command Status Down Login as USR5453-AP# SSH Function SSH Command Quick View of Commands and How to Get HelpCommands and Syntax Set ssh Status Get log-entry CommandGet log Get bss wlan0bssInternal Command Description Add radius-user wally Getting Help on Commands at the CLI Remove radius-user wally Command Usage and Configuration Examples Ready to Get Started? Professional Access Point Administrator Guide Wlan0vwn1 Understanding Interfaces as Presented in the CLIInterface Description Vlan1234 Get interface vlanVLANID role Saving Configuration ChangesGet interface vlan1234 role Basic Setting Example Get the MAC Address for an Access Point Get Both the IP Address and MAC Address Wlan0wds1 Wds Down Wlan0wds2 Wlan0wds3 USR5453-AP# Set the Location for an Access Point Get the Firmware Version for the Access PointGet the Location of the Access Point Get the Current Password Get MAC Addresses for all Access Points in the Cluster Access Point and Cluster SettingsCluster Command Example User Accounts Get All User Accounts User Account Command ExampleUSR5453-AP#get radius-user all name name Add Users USR5453-AP#set radius-user samantha password westportUSR5453-AP#set radius-user samantha disabled USR5453-AP#add radius-user samantha username samantha USR5453-AP#remove radius-user wally Status Command ExampleRemove a User Account Larry samantha endora darren USR5453-AP#get interface br0 Get Current Settings for the Ethernet Wired Guest Interface Get Current Wireless Radio Settings USR5453-AP# get log-entry USR5453-AP# get radio wlan0 detailGet Status on Events Priority Daemon USR5453-AP#set log relay-enabled USR5453-AP#set log relay-port USR5453-AP#set log relay-hostUSR5453-AP#set log relay-host myserver USR5453-AP# get log Get Transmit / Receive Statistics Get neighbouring Access PointsGet Client Associations USR5453-AP#get detected-ap USR5453-AP# get detected-ap Ethernet Wired Interface Wired Interface Command Example Set Up Guest Access Get Wired Internal Interface SettingsGet Wired Guest Interface Settings Get Summary View of Internal and Guest Interfaces USR5453-AP#remove bridge-port br0 interface eth0 USR5453-AP#get interface brguest status downUSR5453-AP# get bss USR5453-AP#get bridge-port brguest USR5453-AP# get interface brguestUSR5453-AP#get interface brguest status up USR5453-AP#get bridge-port br0 Name Interface USR5453-AP#set dhcp-client status up Get/Change the Connection Type Dhcp or Static IPUSR5453-AP#get dhcp-client status up USR5453-AP#get interface br0 detail USR5453-AP#set interface br0 static-ip Re-Configure Static IP Addressing ValuesUSR5453-AP#get interface br0 static-ip USR5453-AP#get interface br0 static-mask Wireless Interface Security Get Detailed Description of Current Security Settings Security Command ExampleGet the Current Security Mode USR5453-AP#get interface wlan0 security none Enable / Disable Station Isolation Set the Broadcast Ssid Allow or Prohibit Set Security to Static WEP Set Security to NoneUSR5453-AP#set interface wlan0 security none USR5453-AP#set interface wlan0 security static-wep Set bss wlan0bssInternal shared-key-authentication on Set bss wlan0bssInternal open-system-authentication onSet bss wlan0bssInternal shared-key-authentication off USR5453-AP#set interface wlan0 wep-key-ascii yes USR5453-AP#get interface wlan0 detail Radius Option Example Set Security to IeeeUSR5453-AP#set interface wlan0 security dot1x USR5453-AP#set bss wlan0bssInternal radius-ip USR5453-AP#set bss wlan0bssInternal radius-accounting off USR5453-AP#set bss wlan0bssInternal radius-key secretSet Bss USR5453-AP#get interface wlan0 security dot1x USR5453-AP#set interface wlan0 security wpa-personal Set Security to WPA/WPA2 Personal PSKWPA Option Example Set bss wlan0bssInternal wpa-cipher-ccmp off Cipher Suite Option ExampleSet bss wlan0bssInternal wpa-cipher-tkip on Set bss wlan0bssInternal wpa-cipher-tkip off USR5453-AP#get interface wlan0 security wpa-personal Set Security to WPA/WPA2 Enterprise Radius USR5453-AP#set interface wlan0 security wpa-enterprise Enable Pre-Authentication Cipher Suite Option USR5453-AP#set bss wlan0bssInternal radius-key KeepSecret USR5453-AP#set bss wlan0bssInternal radius-accounting on USR5453-AP#get interface wlan0 security wpa-enterprise Enable/Disable the Guest Welcome Enable/Configure Guest Login WelcomeView Guest Login Settings Set Guest Welcome Page Text Configuring Virtual Wireless Network One on Radio One Configuring Multiple BSSIDs on Virtual Wireless NetworksReview Guest Login Settings Set interface wlan0vwn1 security wpa-enterprise Get Ieee 802.11 Radio Mode Radio SettingsRadio Setting Command Example Creating VWN Two on Radio One with WPA security Get All Radio Settings Get Basic Radio SettingsGet Radio Channel USR5453-AP#get supported-rate Configure Radio SettingsGet Supported Rate Set Get Basic Rate Set USR5453-AP#set bss wlan0bssInternal dtim-period USR5453-AP#set radio wlan0 mode gUSR5453-AP#set radio wlan0 beacon-interval USR5453-AP#get bss wlan0bssInternal dtim-period USR5453-AP#add basic-rate wlan0 rate USR5453-AP#set radio wlan0 fragmentation-thresholdUSR5453-AP#set radio wlan0 rts-threshold USR5453-AP#add supported-rate wlan0 rate MAC Filtering USR5453-AP#get supported-rate wlan0 rate Set bss wlan0bssGuest mac-acl-name Guest Specify an Accept or Deny ListAdd MAC Addresses of Client Stations to the Filtering List Get bss interface mac-acl-mode Get Current MAC Filtering SettingsUSR5453-AP#remove mac-acl Guest mac USR5453-AP#get bss wlan0bssGuest mac-acl-mode accept-list QoS Command Quality of ServiceLoad Balancing QoS Command Example Enable/Disable Wi-Fi Multimedia Understanding the Queues for Access Point and Station About Access Point and Station Edca ParametersData Access Point Station USR5453-AP#get wme-queue Get QoS Settings on the Access PointGet QoS Settings on the Client Station Set Arbirtation Interframe Spaces Aifs Set wme-queue wlan0 with queue QueueName to aifs AIFSValue Setting Minimum and Maximum Contention Windows cwmin, cwmaxUSR5453-AP#set wme-queue wlan0 with queue vo to aifs USR5453-AP#set wme-queue wlan0 with queue vi cwmin 7 cwmax Set the Maximum Burst Length burst on the Access PointSet tx-queue wlan0 with queue QueueName to burst burstValue USR5453-AP#set tx-queue wlan0 with queue data2 to burst USR5453-AP#set wme-queue wlan0 with queue vo to txop-limit Getting Details on a WDS Configuration Wireless Distribution SystemConfiguring a WDS Link USR5453-AP#set interface wlan0wds0 remote-mac 00E0B8761B14 Set ntp server ntp.instant802.com Time ProtocolUSR5453-AP#get ntp detail USR5453-AP#factory-reset Reboot the Access PointReset the Access Point to Factory Defaults Keyboard Shortcuts and Tab Completion Help Tab Completion and Help Keyboard ShortcutsAction on CLI Keyboard Shortcut USR5453-AP#get system v USR5453-AP#get system version CLI Class and Field Overview USR5453-AP# set mac-acl Field Reference on Has name? \ # of instances? One Multiple CLI Class Relationships Association Class IndexClass Description Interface AuthenticatedField Index Station Basic-rate Bridge-port Path-cost BssPriority Radio StatusDescription Beacon-interface Max-stations MacDtim-period Ignore-broadcast-ssid Cluster Open-system-authenticationChannel-planner Cluster-member No-external-updates ConfigDefault Debug Detected-ap Field Description Beacon-interval Capability Type Beacons Dhcp-clientErp Last-beacon Debug Dot11Host Dot11d Static-dns-12 Dns-12Domain Static-domain Interface Mask Static-ip Rx-errorsType Static-mask Rx-multicast Tx-errorsRx-compressed Tx-packets Ip-route Log JvmKickstartd Gateway Number Log-entryDepth Time Message Mac-aclNtp Server Welcome-screen PortalWelcome-screen-text Max-bss Channel-policy Tx-powerMax-bss Mode Fragmentation-threshold WmewifinoacktestRts-threshold Load-balance-disassociation-utilization Snmp Radius-userSerial Ro-community System SshSupported-rate Rw-community Password-initialized PasswordEncrypted-password Telnet Community Tx-queueQueue Web-ui Wme-queue Professional Access Point Detection Utility does not find Possible Solution Access point Cannot access the Web User Interface My wireless device cannot find the wireless network Possible Solution Wireless Distribution System WDS Problems and Solutions Am experiencing poor wireless link quality Cluster Recovery Reboot or Reset Access Point Stop Clustering and Reset Each Access Point in the Cluster Click Stop Clustering Professional Access Point Administrator Guide Support Information Country Webmail Voice UAE FCC Radiation Exposure Statement Declaration of ConformityDetachable Antenna Information Radio and Television Interference Industry Canada IC For Canadian UsersUL Listing/CUL Listing CE Compliance Declaration of Conformity EU Health Protection Regulatory Channel FrequencyEU Detachable Antenna Information Professional Access Point Administrator Guide Professional Access Point Administrator Guide Robotics Corporation Two 2 Year Limited Warranty Obtaining Warranty Service Limitations Disclaimer 802.2 802802.1x 802.3 802.11e 802.11b802.11d 802.11f AES Broadcast BeaconBridge Broadcast Address CGI BssidCcmp CSMA/CA DNS DCFDhcp DOM ESS EAPEdcf Ethernet Html FrameGateway Http Ieee Infrastructure ModeIbss Intrusion Detection Jitter IPSecISP Latency LLC LANLdap MAC NTP NATNIC OSI PHY PacketPacket Loss PID PPP PSK Rssi RadiusRC4 RTP Ssid SnmpSTP TCP/IP Supported Rate SetTCP Tkip URL UDPUnicast Vlan WEP WANWDS Wins Wrap WMM WPAWPA2 XML Index DCF Ieee Snmp WDS Index-328