Cisco WAP121 Administration Manual page 100

Wireless Settings
WPS Setup
Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE
As with the PBC method, if the WAP device begins the enrollment transaction and
no client attempts to enroll after 120 seconds, the WAP device terminates the
pending transaction.
Optional Use of Built-In Registrar
Although the WAP device supports a built-in registrar for WPS, its use is optional.
After an external registrar has configured the WAP device, the WAP device acts as
a proxy for that external registrar, regardless of whether the WAP device's built-in registrar is
enabled (it is enabled by default).
Lockdown Capability
Each WAP device stores a WPS-compatible device PIN in nonvolatile RAM. WPS
requires this PIN if an administrator wants to allow an unconfigured WAP device
(that is, one with only factory defaults, including WPS being enabled on a VAP) to
join a network. In this "out-of-box" scenario, the administrator obtains the PIN value
from the configuration utility of the WAP device.
The administrator may wish to change the PIN if network integrity has been
compromised in some way. The WAP device provides a method for generating a
new PIN and storing this value in NVRAM. In the event that the value in NVRAM is
corrupted, erased, or missing, a new PIN is generated by the WAP device and
stored in NVRAM.
The PIN method of enrollment is potentially vulnerable to "brute force"
attacks. A network intruder could try to pose as an external registrar on the
wireless LAN and attempt to derive the WAP device's PIN value by exhaustively
applying WPS-compliant PINs. To address this vulnerability, in the event that a
registrar fails to supply a correct PIN in three attempts within 60 seconds, the WAP
device prohibits any further attempts by an external registrar to register the WAP
device on the WPS-enabled VAP for 60 seconds. However, wireless client stations
may enroll with the WAP device's built-in registrar, if enabled, during this
"lockdown" period. The WAP device also continues to provide proxy services for
enrollment requests to external registrars.
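
The lockdown rule described above, modeled as an added example (not code from Cisco or from this manual). The class and function names are hypothetical, the timestamps are constructed, and the model assumes a sliding 60-second window, lockdown starting at the third failure, and attempts made during lockdown being rejected without counting as failures.

```python
from collections import deque

MAX_FAILURES = 3   # failed PIN attempts tolerated (value from the manual)
WINDOW_S = 60      # window in which failures are counted (value from the manual)
LOCKDOWN_S = 60    # external-registrar lockout duration (value from the manual)


class WpsLockdown:
    """Model of the external-registrar lockdown rule (hypothetical class).

    Assumptions not stated in the manual: the 60 s window slides, lockdown
    starts at the third failure, and attempts made during lockdown are
    rejected without being counted as failures.
    """

    def __init__(self):
        self.failures = deque()  # timestamps of recent failed attempts
        self.locked_until = 0.0  # external registrars are refused before this time

    def is_locked(self, now):
        return now < self.locked_until

    def failed_attempt(self, now):
        """Record a wrong PIN at `now`; return 'rejected', 'failed' or 'lockdown'."""
        if self.is_locked(now):
            return "rejected"
        # Drop failures that have aged out of the sliding window.
        while self.failures and now - self.failures[0] >= WINDOW_S:
            self.failures.popleft()
        self.failures.append(now)
        if len(self.failures) >= MAX_FAILURES:
            self.locked_until = now + LOCKDOWN_S
            self.failures.clear()
            return "lockdown"
        return "failed"


def replay(timestamps):
    """Replay failed-attempt timestamps (seconds) and return each outcome."""
    ap = WpsLockdown()
    return [ap.failed_attempt(t) for t in timestamps]


# Constructed sample: wrong-PIN attempts from an external registrar, in seconds.
SAMPLE = [0, 10, 20, 25, 79, 80, 85, 90, 200, 270, 275]

if __name__ == "__main__":
    for t, outcome in zip(SAMPLE, replay(SAMPLE)):
        print(f"t={t:>3}s  {outcome}")
```

The last three attempts in the sample never trigger lockdown because the failure at 200 s has aged out of the window by 270 s.
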
The WAP device provides an additional security mechanism for protecting its device
PIN. After the WAP device has completed registration with an external registrar,
and the resulting WPS transaction has concluded, the device PIN is automatically
regenerated.