Wireless Protection - Colubris Networks CN3000 Administrator's Manual

Chapter 11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Configuration parameters - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 11
Mask
Specify the appropriate subnet mask for the IP address you specified.
Wireless
Select the type of protection you want to use for the wireless network.
Important: 802.1x and WPA sessions are terminated by the CN3000. This means that
protection
the CN3000 handles all authentication tasks and must communicate with the RADIUS
server to validate login credentials. Therefore, the RADIUS server must be reachable.
WPA
This option enables support for users with WPA client software.
Key source
This option determines how the TKIP keys are generated.
• RADIUS: The CN3000 obtains the MPPE key from the RADIUS server. This is a
• Preshared Key: The CN3000 uses the key you specify in the Key field to generate the
RADIUS profile
802.1x
This option enables support for users with 802.1x client software. The CN3000 supports
802.1x client software that uses EAP-TLS, EAP-TTLS, EAP-CIM, and PEAP.
Note: Using 802.1x without enabling WEP encryption is not recommended.
RADIUS profile
Select the RADIUS profile the CN3000 will use to validate user logins.
WEP encryption
Enable the use of dynamic WEP keys for all 802.1x sessions. Dynamic key rotation
occurs on key 1, which is the broadcast key. Key 0 is the pairwise key. It is automatically
generated by the CN3000.
Key length and key change interval are set in the Dynamic keys box.
WEP
Key 1, 2, 3, 4
The number of characters you specify for a key determines the level of encryption the
CN3000 will provide.
• For 40-bit encryption, specify 5 ASCII characters or 10 HEX digits.
• For 128-bit encryption, specify 13 ASCII characters or 26 HEX digits.
When encryption is enabled, wireless stations that do not support encryption cannot
communicate with the CN3000. The definition for each encryption key must be the same
on the CN3000 and all client stations. Keys must also be in the same position. For
example, if you are using key 3 to encrypt transmissions, then each client station must
also define key 3 to communicate with the CN3000.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 216 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
dynamic key that changes each time the user logs in and is authenticated. The MPPE
key is used to generate the TKIP keys that encrypt the wireless data stream. Select
the appropriate RADIUS server.
TKIP keys that encrypt the wireless data stream. Since this is a static key, it is not as
secure as the RADIUS option. Specify a key that is between 8 and 64 ASCII
characters in length. It is recommended that the preshared key be at least 20
characters long, and be a mix of letters and numbers.