Chapter 6 Interfaces

Table 33 WLAN Interface Commands (continued)

COMMAND

DESCRIPTION

[no] mtu <576..2304>

Specifies the Maximum Transmission Unit, which is the maximum number of bytes

 

in each packet moving through this interface. The ZyWALL divides larger packets

 

into smaller fragments. The no command resets the MTU to 1500.

reauth <30..30000>

Sets the WPA2 reauthentication timer. This is at what interval wireless stations

 

have to resend usernames and passwords in order to stay connected. If a RADIUS

 

server authenticates wireless stations, the reauthentication timer on the RADIUS

 

server has priority.

 

 

security mode {none wep

Sets what type of security the wireless interface uses.

wpa wpa-wpa2 wpa2}

none: applies no security.

 

 

wep: WEP security (extremely weak).

 

wpa: WPA security.

 

wpa-wpa2: WPA/WPA2-Enterprise or WPA/WPA2-PSK security.

 

wpa2: WPA2 security (strongest option).

security wep <64 128>

Sets WEP encryption to use a 64 or 128 bit key and selects the default key.

default-key <1..4>

 

security wep mode <open

Sets the WEP encryption to use open or shared key authentication.

share>

 

security wpa <tkip aes> eap

Configures WPA enterprise security using TKIP or AES and an existing AAA

internal profile-nametls-

authentication method object (profile-name). Set the certificate the ZyWALL

cert certificate name

uses to authenticate itself to the wireless clients. The wireless clients must use

 

TTLS authentication protocol and PAP inside the TTLS secure tunnel.

security wpa <tkip aes> eap

Configures WPA enterprise security using TKIP or AES and an external server. Use

external

the security external command to specify the server’s address.

security wpa <tkip aes> psk

Configures WPA security using TKIP or AES and a Pre-Shared Key (PSK).

key psk-key

 

security wpa-wpa2 <tkip

This allows users to either use WPA or WPA2 enterprise security to connect to the

aes> eap internal profile-

wireless interface. You have to also configure to use either TKIP or AES and an

name tls-certcertificate

existing AAA authentication method object (profile-name). Set the certificate the

name

ZyWALL uses to authenticate itself to the wireless clients. The wireless clients

 

must use TTLS authentication protocol and PAP inside the TTLS secure tunnel.

 

 

security wpa-wpa2 <tkip

Configures WPA or WPA2 enterprise security using TKIP or AES and an external

aes> eap external

server. Use the security external command to specify the server’s address.

security wpa-wpa2 <tkip

Configures WPA or WPA2 security using TKIP or AES and a Pre-Shared Key (PSK).

aes> psk key psk-key

 

security wpa2 <tkip aes>

Configures WPA2 enterprise security using TKIP or AES and an existing AAA

eap internal profile-name

authentication method object (profile-name). Select the certificate the ZyWALL

tls-certcertificate name

uses to authenticate itself to the wireless clients. The wireless clients must use

 

TTLS authentication protocol and PAP inside the TTLS secure tunnel.

 

 

security wpa2 <tkip aes>

Configures WPA2 enterprise security using TKIP or AES and an external server.

eap external

Use the security external command to specify the server’s address.

security wpa2 <tkip aes>

Configures WPA2 security using TKIP or AES and a Pre-Shared Key (PSK).

psk key psk-key

 

[no] security dot1x acct ip

Sets the IP address and port number of an external accounting server.

port <1..65535>

 

[no] security dot1x auth ip

Sets the IP address and port number of an external authentication (RADIUS)

port <1..65535>

server.

[no] security dot1x activate

Enables IEEE 802.1x accounting and authentication.

[no] security external acct

Sets the IP address and port number of an external accounting server.

ip port <1..65535>

 

86

 

ZyWALL (ZLD) CLI Reference Guide