3Com OfficeConnect WX1200 Release Note page 10
Wireless lan switch and controller mss version 3.0
Hide thumbs
Also See for OfficeConnect WX1200:
- Command reference manual (646 pages) ,
- Reference manual (520 pages) ,
- Quick start manual (10 pages)
Advertisement
10
W
LAN S
IRELESS
WITCH AND
authenticate with network services and logon to their
local PC.
A Pass result for 3Com VSAs indicates that the
VSAs were able to be added to the RADIUS server
manually. Future versions of Steel Belted RADIUS
and FreeRadius are planned to include standard
definitions of the 3Com VSAs.
Funk Steel Belted Radius version used for testing is
4.53
Windows 2000 with Service Pack 4
Cisco ACS 3.2 or later is required to support
PEAP-MS-CHAP-V2
WPA
3Com conducted WPA compatibility testing with a
variety of NICs. See "Wireless NICs" for complete
details of the results. If you choose to use WPA to
secure your wireless network, please note the follow-
ing:
CCMP (AES 802.11i draft support) is supported
only when it is the only encryption type enabled on
that SSID. Enabling TKIP or Dynamic WEP on the
same SSID with CCMP can cause serious connec-
tivity issues as most clients do not properly support
this configuration. 3Com recommends that you
create a separate service profile and SSID for
WPA/CCMP.
Enabling TKIP and Dynamic WEP on the same SSID
is not recommended. This configuration forces the
group key (multicast/broadcast key) to use the
lowest common encryption type, in this case
C
MSS V
3.0 R
ONTROLLER
ERSION
N
ELEASE
OTES
Dynamic WEP. Additionally, compatibility with
wireless NICs is reduced.
Downloading the latest drivers for your wireless
NIC is strongly recommended. See "802.1X Cli-
ents" for specific information on installing drivers
for your operating system.
When a session key is changed, Microsoft WPA cli-
ents can sometimes incorrectly start using the new
key before the end of the four-way handshake that
is used to establish the key information. This issue
can occur when the session timeout for the client
session expires. As a result, the MAP rejects the cli-
ent's re-association attempt because the key infor-
mation presented by the client is invalid. If you
experience this issue, clear the Session-Timeout
attribute on the affected users. The WX switch will
not force a reauthentication of WPA/TKIP and
WPA/CCMP users periodically like it does with
dynamic WEP users.
Do not use the set service-profile
shared-key-auth command in a WPA configura-
tion. This command does not enable PSK authenti-
cation for WPA. To enable PSK for WPA, use the
set service-profile auth-psk command.
Use one WPA authentication method per SSID,
either 802.1X authentication or preshared key
(PSK) authentication, but not both.
Security—best practice when mixing encrypted
access and clear access
It is possible to configure a RADIUS server or a WX
switch's local authentication database so that a user
with encrypted access and a user with unencrypted
Advertisement
