ZyAIR B-500 Wireless Access Point User’s Guide

 

 

Table 6-5 Wireless: WPA

 

 

 

 

LABEL

 

DESCRIPTION

 

 

ReAuthentication

Specify how often wireless stations have to reenter usernames and passwords in

Timer (in seconds)

order to stay connected. Enter a time interval between 10 and 9999 seconds. The

 

default time interval is 1800 seconds (30 minutes).

 

 

 

 

 

If wireless station authentication is done using a RADIUS

 

 

 

server, the reauthentication timer on the RADIUS server has

 

 

 

priority.

 

 

 

Idle Timeout

The ZyAIR automatically disconnects a wireless station from the wired network after

 

a period of inactivity. The wireless station needs to enter the username and

 

password again before access to the wired network is allowed. The default time

 

interval is 3600 seconds (or 1 hour).

WPA Group Key

The WPA Group Key Update Timer is the rate at which the AP (if using WPA-PSK

Update Timer

key management) or RADIUS server (if using WPA key management) sends a new

 

group key out to all clients. The re-keying process is the WPA equivalent of

 

automatically changing the WEP key for an AP and all stations in a WLAN on a

 

periodic basis. Setting of the WPA Group Key Update Timer is also supported in

 

WPA-PSKmode. The ZyAIR default is 1800 seconds (30 minutes).

6.11 802.1x Overview

The IEEE 802.1x standard outlines enhanced security methods for both the authentication of wireless stations and encryption key management. Authentication can be done using the local user database internal to the ZyAIR (authenticate up to 32 users) or an external RADIUS server for an unlimited number of users.

See also the section on RADIUS in this User’s Guide.

6.12 Dynamic WEP Key Exchange

The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed.

If this feature is enabled, it is not necessary to configure a default WEP encryption key in the Wireless screen. You may still configure and store keys here, but they will not be used while Dynamic WEP is enabled.

To use Dynamic WEP, enable and configure the RADIUS server (see section 6.20) and enable Dynamic WEP Key Exchange in the 802.1x screen. Ensure that the wireless station’s EAP type is configured to one of the following:

EAP-TLS

6-14

Wireless Security