SMC Networks EliteConnect SMC2555W-AG2 User Manual page 129

6
System Configuration
to enable data encryption. To view the current security settings, use the show
interface wireless a 0 or show interface wireless g 0 command (not shown in
example).
Enterprise AP(if-wireless g)#vap 0
Enterprise AP(if-wireless g: VAP[0])#802.1X required
Enterprise AP(if-wireless g: VAP[0])#802.1X
broadcast-key-refresh-rate 5
Enterprise AP(if-wireless g: VAP[0])#802.1X
session-key-refresh-rate 5
Enterprise AP(if-wireless g: VAP[0])#802.1X session-timeout 300
Enterprise AP(if-wireless g: VAP[0])#auth open-system
Enterprise AP(if-wireless g: VAP[0])#encryption
Enterprise AP(if-wireless g: VAP[0])#
Wi-Fi Protected Access (WPA)
WPA employs a combination of several technologies to provide an enhanced
security solution for 802.11 wireless networks.
The access point supports the following WPA components and features:
IEEE 802.1X and the Extensible Authentication Protocol (EAP): WPA employs
802.1X as its basic framework for user authentication and dynamic key
management. The 802.1X client and RADIUS server should use an appropriate EAP
type—such as EAP-TLS (Transport Layer Security), EAP-TTLS (Tunneled TLS), or
PEAP (Protected EAP)—for strongest authentication. Working together, these
protocols provide "mutual authentication" between a client, the access point, and a
RADIUS server that prevents users from accidentally joining a rogue network. Only
when a RADIUS server has authenticated a user's credentials will encryption keys
be sent to the access point and client.
Note: To implement WPA on wireless clients requires a WPA-enabled network card
driver and 802.1X client software that supports the EAP authentication type that
you want to use. Windows XP provides native WPA support, other systems
require additional software.
Temporal Key Integrity Protocol (TKIP): WPA specifies TKIP as the data
encryption method to replace WEP. TKIP avoids the problems of WEP static keys by
dynamically changing data encryption keys. Basically, TKIP starts with a master
(temporal) key for each user session and then mathematically generates other keys
to encrypt each data packet. TKIP provides further data encryption enhancements
by including a message integrity check for each packet and a re-keying mechanism,
which periodically changes the master key.
WPA Pre-Shared Key Mode (WPA-PSK, WPA2-PSK): For enterprise deployment,
WPA requires a RADIUS authentication server to be configured on the wired
network. However, for small office networks that may not have the resources to
configure and maintain a RADIUS server, WPA provides a simple operating mode
that uses just a pre-shared password for network access. The Pre-Shared Key
mode uses a common password for user authentication that is manually entered on
6-78
7-65
7-66
7-67
7-67
7-121
7-120