Chapter 9 Wireless LAN Profiles

Table 35 Command Summary: Security Profile (continued)

COMMAND

DESCRIPTION

mac-auth delimiter calling-station-id

Select the separator the external server uses for the pairs

{colon dash none}

in MAC addresses in the Calling Station ID RADIUS

 

attribute.

mode {none wep wpa wpa2 wpa2-

Sets the security mode for this profile.

mix}

 

wep <64 128> default-key <1..4>

Sets the WEP encryption strength (64 or 128) and the

 

default key value (1 ~ 4).

 

If you select WEP-64 enter 10 hexadecimal digits in the

 

range of “A-F”, “a-f” and “0-9” (for example,

 

0x11AA22BB33) for each Key used; or enter 5 ASCII

 

characters (case sensitive) ranging from “a-z”, “A-Z” and

 

“0-9” (for example, MyKey) for each Key used.

 

If you select WEP-128 enter 26 hexadecimal digits in the

 

range of “A-F”, “a-f” and “0-9” (for example,

 

0x00112233445566778899AABBCC) for each Key used;

 

or enter 13 ASCII characters (case sensitive) ranging

 

from “a-z”, “A-Z” and “0-9” (for example,

 

MyKey12345678) for each Key used.

 

You can save up to four different keys. Enter the

 

default-key(1 ~ 4) to save your WEP to one of those

 

four available slots.

wep-auth-type {open share}

Sets the authentication key type to either open or share.

wpa-encrypt {tkip aes auto}

Sets the WPA/WPA2 encryption cipher type.

 

auto: This automatically chooses the best available

 

cipher based on the cipher in use by the wireless client

 

that is attempting to make a connection.

 

tkip: This is the Temporal Key Integrity Protocol

 

encryption method added later to the WEP encryption

 

protocol to further secure. Not all wireless clients may

 

support this.

 

aes: This is the Advanced Encryption Standard

 

encryption method, a newer more robust algorithm than

 

TKIP Not all wireless clients may support this.

 

 

wpa-psk {wpa_key wpa_key_64}

Sets the WPA/WPA2 pre-shared key.

[no] wpa2-preauth

Enables pre-authentication to allow wireless clients to

 

switch APs without having to re-authenticate their

 

network connection. The RADIUS server puts a

 

temporary PMK Security Authorization cache on the

 

wireless clients. It contains their session ID and a pre-

 

authorized list of viable APs.

 

Use the no parameter to disable this.

[no] reauth <30..30000>

Sets the interval (in seconds) between authentication

 

requests.

 

The default is 0.

 

 

idle <30..30000>

Sets the idle interval (in seconds) that a client can be idle

 

before authentication is discontinued.

 

The default is 300.

 

 

group-key <30..30000>

Sets the interval (in seconds) at which the AP updates the

 

group WPA/WPA2 encryption key.

 

The default is 1800.

 

 

[no] dot1x-eap

Enables 802.1x secure authentication. Use the no

 

parameter to disable it.

86

 

NXC CLI Reference Guide