Configuring WLAN security
Configuration task list
To configure WLAN security in a service template, map the service template to a radio policy, and add
radios to the radio policy. The SSID name, advertisement setting (beaconing), and encryption settings are
configured in the service template. You can configure an SSID to support any combination of WPA, RSN,
and Pre-RSN clients
Complete these tasks to configure WLAN security configuration tasks.
Task
Enabling an authentication method
Configuring the PTK lifetime
Configuring the GTK rekey method
Configuring security IE
Configuring cipher suite
Configuring port security
Enabling an authentication method
You can enable open system or shared key authentication or both.
To enable an authentication method:
To do...
Enter system view
1.
Enter WLAN service
template view.
2.
Enable the authentication
method.
Configuring the PTK lifetime
A PTK is generated through a four-way handshake, during which, the PMK, an AP random value (ANonce),
a site random value (SNonce), the AP's MAC address and the client's MAC address are used.
To configure the PTK lifetime:
Use the command...
system-view
wlan service-template
service-template-number crypto
authentication-method { open-system |
shared-key }
31
Remarks
Required
Optional
Optional
Required
Required
Optional
Remarks
—
—
Optional.
Open system authentication
method is used by default.
Shared key authentication is
usable only when WEP
encryption is adopted. In this
case, you must configure the
authentication-method
shared-key command.
For RSN and WPA, open
system authentication is
required.