•
•
Copyright © 2007, Nortel Networks
.
WPA2-PSK —WPA2 with PSK provides enhanced security over
WPA-PSK and can be used, if supported by the APs. Select one of
the following options:
— Passphrase—enter a passphrase. The passphrase can be from 1
to 63 ASCII characters or 64 hexadecimal digits. Do not choose a
simple word because password-cracking programs can easily extract
the key and gain illict access to the system. For more information,
see
"Choosing a passphrase" (page
–
Example: why2fear4WPA2-is-DEPLOYED_HERE
— Direct Entry—enter a preshared key code (hexadecimal number).
Note 1: Consult the Configuration Note for the installed APs for
information about whether WPA2-PSK is recommended for the AP.
Configure the recommended version on the AP and configure the
corresponding option on the Admin menu.
Note 2: WPA2-PSK settings must match the AP settings.
VPN —the selection of VPN for security requires that a secure tunnel
be established for the transfer of information. The data itself no longer
must be encrypted because the VPN tunnel is already encrypted.
VPN security requires a number of configuration steps, and is easily
configured using the Configuration Cradle. For more information, see
"Configuration Cradle for the WLAN Handset 2210/2211/2212" (page
48). VPN security is also closely tied with the VPN server configuration.
Only the WLAN Handset 2212 supports VPN security.
Note: The VPN server must support the handset configuration.
— VPN Server IP—the IP address of the VPN server on the public
(unsecure) side of the network.
— VPN Client IP—the IP address that appears to be part of the private
(or secure) network
–
Static IP—the address can be statically programmed in the
handset, in which case it must match the address assigned to
the handset in the VPN server.
–
IKE Mode Config—if the VPN server supports the ISAKMP
Mode Configuration, it can assign the IP address automatically.
— Phase 1—ISAKMP—this is the first phase of the tunnel negotiation
process. It establishes a set of security parameters (the ISAKMP
Security Association) that is used to encrypt the negotiation of the
actual tunnel parameters in Phase 2. In essence, Phase 1 protects
Phase 2.
Nortel Communication Server 1000
WLAN Handsets Fundamentals
NN43001-505 01.04 Standard
Release 5.0 4 September 2007
WLAN Handset 2210/2211/2212 103
105).