•
MSR3600-51F.
Configuring WLAN security
Configuration task list
To configure WLAN security in a service template, map the service template to a radio policy, and
add radios to the radio policy. The SSID name, advertisement setting (beaconing), and encryption
settings are configured in the service template. You can configure an SSID to support any
combination of WPA, RSN, and Pre-RSN clients
Task
Enabling an authentication method
Configuring the PTK lifetime
Configuring the GTK rekey method
Configuring security IE
Configuring cipher suite
Configuring port security
Enabling an authentication method
You can enable open system or shared key authentication or both.
To enable an authentication method:
Step
1.
Enter system view.
2.
Enter WLAN service
template view.
3.
Enable the authentication
method.
Configuring the PTK lifetime
A pairwise transient key (PTK) is generated through a four-way handshake, during which, the
pairwise master key (PMK), an AP random value (ANonce), a site random value (SNonce), the AP's
MAC address and the client's MAC address are used.
Command
system-view
wlan service-template
service-template-number crypto
authentication-method
{ open-system | shared-key }
36
Remarks
Required
Optional
Optional
Required
Required
Optional
Remarks
N/A
N/A
Optional.
By default, open system
authentication is adopted.
•
The shared-key
authentication can be
adopted only when WEP
encryption is used, and you
must configure the
authentication-method
shared-key command.
•
For RSN and WPA, the
authentication method must
be open system
authentication.