D-Link DWS-1008 User Manual page 184
Wireless 8 port switch with poe
Hide thumbs
Also See for DWS-1008:
- Cli reference manual (531 pages) ,
- Product manual (502 pages) ,
- Installation manual (17 pages)
Table of Contents
Advertisement
DWS-1008 User's Manual
• If the recalculated MIC does not match the MIC received with the frame, the frame fails
the integrity check. This condition is called a MIC failure. The access point or client
discards the frame and also starts a 60-second timer. If another MIC failure does not
occur within 60 seconds, the timer expires. However, if another MIC failure occurs
before the timer expires, the device takes the following actions:
The DWL-8200AP access point or client refuses to send or receive traffic encrypted with
TKIP or WEP for the duration of the countermeasures timer, which is 60,000 milliseconds
(60 seconds) by default. When the countermeasures timer expires, the access point allows
associations and reassociations and generates new session keys for them. You can set the
countermeasures timer for DWL-8200AP access point radios to a value from 0 to 60,000
milliseconds (ms). If you specify 0 ms, the radios do not use countermeasures but instead
continue to accept and forward encrypted traffic following a second MIC failure. However,
MSS still generates an SNMP trap to inform you of the MIC failure.
The MIC used by CCMP, CBC-MAC, is even stronger than Michael and does not require
or provide countermeasures. WEP does not use a MIC. Instead, WEP performs a cyclic
redundancy check (CRC) on the frame and generates an integrity check value (ICV).
WPA Authentication Methods
You can configure an SSID to support one or both of the following authentication methods for
WPA clients:
• 802.1X - The DWL-8200AP access point and client use an Extensible Authentication
Protocol (EAP) method to authenticate one another, then use the resulting key in a
handshake to derive a unique key for the session. The 802.1X authentication method
requires user information to be configured on AAA servers or in the switch's local
database. This is the default WPA authentication method.
• Preshared key (PSK) - An DWL-8200AP radio and a client authenticate one another
based on a key that is statically configured on both devices. The devices then use the
key in a handshake to derive a unique key for the session. For a given service profile,
you can globally configure a PSK for use with all clients. You can configure the key by
entering an ASCII passphrase or by entering the key itself in raw (hexadecimal) form.
D-Link Systems, Inc.
D-Link Systems, Inc.
• An DWL-8200AP access point that receives another frame with an invalid
MIC ends its sessions with all TKIP and WEP clients by disassociating from
the clients. This includes both WPA WEP clients and non-WPA WEP clients.
The access point also temporarily shuts down the network by refusing
all association or reassociation requests from TKIP and WEP clients. In
addition, MSS generates an SNMP trap that indicates the swich port and
radio that received frames with the two MIC failures as well as the source and
destination MAC addresses in the frames.
• A client that receives another frame with an invalid MIC disassociates from its
access point and does not send or accept any frames encrypted with TKIP or
WEP.
Configuring User Encryption
179
179
Advertisement
Table of Contents
