Aes Encryption; Out Of Box Operation; Enabling Aes; Ssh For Secure Cli - Redline RDL-3000 SC User Manual

RDL-3000 family broadband wireless radio platforms
RDL-3000 FAMILY
Example
Load certificate files and key from the TFTP server at 192.168.25.10 to the RDL-3000 having
MAC address 00 09 02 01 C1 9A.
192.168.25.2# load file 192.168.25.10 usr_wacert_00-09-02-01-C1-9A.der usr tftp
192.168.25.2# load file 192.168.25.10 usr_wcert_00-09-02-01-C1-9A.der usr tftp
192.168.25.2# load file 192.168.25.10 usr_wkey_00-09-02-01-C1-9A.der usr tftp
192.168.25.2# show files usr
dsa_key.pem size=672 md5=fa9bd7a1f465fd7e9fed30150b0608c4
usr_wkey.der size=1194 md5=1c5c5ddd0f08604a3b48cf41a8570557
usr_wacert.der size=1144 md5=ff0ce6923fc67a02d1e7bc6fa4856f94
usr_wcert.der size=999 md5=82b115af9dba510e5af8ce558e964265
192.168.25.2# reboot
...
192.168.25.2# set x509auth on
192.168.25.2# save config
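
A check an operator can run after the load step above, as an added example that is not part of the manual: it parses `show files usr` output and compares each file's size and MD5 against the copies staged on the TFTP server. The function names and sample bytes are constructed for illustration, and the mapping from staged name to on-device name (MAC suffix dropped) is inferred from the listing above.

```python
import hashlib
import re

# One line of `show files usr` output: <name> size=<bytes> md5=<32 hex digits>
LISTING_RE = re.compile(r"^(\S+)\s+size=(\d+)\s+md5=([0-9a-fA-F]{32})\s*$")
# MAC suffix used in the staged file names, e.g. _00-09-02-01-C1-9A
MAC_SUFFIX_RE = re.compile(r"_(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}(?=\.)")


def parse_listing(text):
    """Return {device_name: (size, md5_hex)}; prompt and command lines are skipped."""
    files = {}
    for line in text.splitlines():
        m = LISTING_RE.match(line.strip())
        if m:
            files[m.group(1)] = (int(m.group(2)), m.group(3).lower())
    return files


def device_name(staged_name):
    """usr_wkey_00-09-02-01-C1-9A.der -> usr_wkey.der (assumed from the listing)."""
    return MAC_SUFFIX_RE.sub("", staged_name)


def verify(listing_text, staged):
    """Compare staged {file_name: bytes} with the listing; return a status per file."""
    on_device = parse_listing(listing_text)
    report = {}
    for name, data in staged.items():
        entry = on_device.get(device_name(name))
        if entry is None:
            report[name] = "missing"
        elif entry[0] != len(data):
            report[name] = "size mismatch"
        elif entry[1] != hashlib.md5(data).hexdigest():
            report[name] = "md5 mismatch"
        else:
            report[name] = "ok"
    return report


# Constructed sample data (not real certificates or keys).
STAGED = {
    "usr_wcert_00-09-02-01-C1-9A.der": b"constructed certificate bytes",
    "usr_wkey_00-09-02-01-C1-9A.der": b"constructed key bytes",
}

if __name__ == "__main__":
    # Constructed listing line: right size, wrong digest; the key is absent.
    line = "usr_wcert.der size=29 md5=" + hashlib.md5(b"tampered").hexdigest()
    print(verify(line, STAGED))
```

Any status other than "ok" means the file on the unit is not the one that was staged, so the load should be repeated before `set x509auth on` is issued.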

6.3 AES Encryption

AES 128-bit wireless encryption is a standard feature on all RDL-3000 systems. AES
256-bit wireless encryption is an optional feature that may be purchased separately.
AES encryption is not supported on RDL-3000 systems.

Out of Box Operation

AES encryption is not supported out of box. Each RDL-3000 system that is to use AES
encryption must meet the following requirements:
1. AES 128-bit:
An options key enabled for AES 128-bit operation must be obtained (no charge),
loaded on the RDL-3000, and be the currently active options key. AES 128-bit
operation is a standard feature for RDL-3000 systems.
2. AES 256-bit:
An options key enabled for AES 256-bit operation must be purchased, loaded on the
RDL-3000, and be the currently active options key. AES 256-bit operation is a
chargeable upgrade for RDL-3000 systems.

Enabling AES

Use the following steps to set up and enable AES encryption:
1. Obtain an AES-enabled upgrade options key for all communicating RDL-3000
systems.
2. Copy the new options key to each RDL-3000 and set this to be the active key.
3. Choose the same AES encryption setting on all communicating RDL-3000 systems.
A data link can be established only between systems with identical security settings.
Web: Configuration screen -> Wireless Security Configuration: Encryption Type
(None, AES 128, AES 192, AES 256)
4. Enter the shared key to be used for all communicating RDL-3000 units.
5. Save the configuration to activate changes.

6.4 SSH for Secure CLI

SSH is a standard feature on all RDL-3000 systems. SSH provides secure access when
using the command line interface (CLI) to manage RDL-3000 equipment. When SSH is
required, TELNET (unsecured access) should be disabled. Use an SSH client (e.g.,
OpenSSH, PuTTY, etc.) to access an RDL-3000 using SSH.
It is recommended that system operators generate a unique certificate and private-public
keys, and load these on the RDL-3000 before using the HTTPS feature in a production
environment.

70-00158-01-08 USER MANUAL
Proprietary Redline Communications © 2011
Page 137 of 150
December 7, 2011
