authentication timeout (for more information, see page 18-6). To view the current 802.11g security
settings, use the show interface wireless g command (not shown in example).
Foundry AP(config)#interface wireless g
Enter Wireless configuration commands, one per line.
Foundry AP(if-wireless g)#vap 0
Foundry AP(if-wireless g: VAP[0])#authentication wpa required
Data Encryption is set to Enabled.
WPA2 Clients mode is set to Disabled.
WPA Clients Mode is set to Required.
WPA Multicast Cipher is set to TKIP.
WPA Unicast Cipher can accept TKIP only.
WPA Authentication is set to 802.1X Required.
Foundry AP(if-wireless g: VAP[0])#802.1x broadcast-key-refresh-rate 100
Foundry AP(if-wireless g: VAP[0])#802.1x session-timeout 30
Foundry AP(if-wireless g: VAP[0])#
Using WPA2 over 802.1x also allows you to enable pre-authentication and set the PMKSA lifetime.
From the VAP interface configuration level, use the 802.1x pre-authentication command to enable
this feature for fast roaming. Use the pmksa-lifetime command to set the maximum time for fast
roam back capability.
Foundry AP(if-wireless g: VAP[0])#802.1x pre-authentication enable
Foundry AP(if-wireless g: VAP[0])#pmksa-lifetime 60
Foundry AP(if-wireless g: VAP[0])#
802.1x pre-authentication
This command enables WPA2 pre-authentication for fast secure roaming.
Syntax
802.1x pre-authentication <enable | disable>
• enable - Enables pre-authentication for the VAP interface.
• disable - Disables pre-authentication for the VAP interface.
Default Setting
Disabled
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
• Each time a client roams to another access point it has to be fully re-authenticated. This
authentication process is time-consuming and can disrupt applications running over the
network. WPA2 includes a mechanism, known as pre-authentication, that allows clients to roam
to a new access point and be quickly associated. The first time a client is authenticated to a
wireless network it has to be fully authenticated. When the client is about to roam to another
access point in the network, the access point sends pre-authentication messages to the new
access point that include the client's security association information. Then, when the client
sends an association request to the new access point, the client is known to be already
authenticated, so it proceeds directly to key exchange and association.
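An added example (not from the Foundry manual or the access point's firmware): a simplified Python model of the PMKSA cache that an access point consults when a pre-authenticated client sends its association request. The class and function names, MAC addresses, PMK and time units are assumptions made for illustration; the PMKID formula is the one defined in IEEE 802.11i.

```python
import hashlib
import hmac

def pmkid(pmk: bytes, ap_mac: bytes, client_mac: bytes) -> bytes:
    # IEEE 802.11i: PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA)
    return hmac.new(pmk, b"PMK Name" + ap_mac + client_mac, hashlib.sha1).digest()[:16]

class PmksaCache:
    """One access point's cache of PMK security associations (simplified model)."""

    def __init__(self, ap_mac: bytes, lifetime: int):
        self.ap_mac = ap_mac
        self.lifetime = lifetime      # model time units; the device's unit is not assumed
        self.entries = {}             # PMKID -> (client MAC, expiry time)

    def install(self, pmk: bytes, client_mac: bytes, now: int) -> bytes:
        # Called after a full 802.1X exchange or a completed pre-authentication.
        pid = pmkid(pmk, self.ap_mac, client_mac)
        self.entries[pid] = (client_mac, now + self.lifetime)
        return pid

    def on_association(self, client_mac: bytes, offered: list, now: int) -> str:
        # The client lists PMKIDs in its association request; a live entry
        # bound to the same client MAC lets the AP skip 802.1X.
        for pid in offered:
            entry = self.entries.get(pid)
            if entry is None:
                continue
            mac, expiry = entry
            if now >= expiry:
                del self.entries[pid]  # expired: force a fresh authentication
            elif hmac.compare_digest(mac, client_mac):
                return "key-exchange"
        return "full-802.1x"

def demo() -> list:
    # Constructed sample values (locally administered MACs, dummy all-zero PMK).
    client, other = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    ap2 = PmksaCache(bytes.fromhex("0200000000a2"), lifetime=60)
    pid = ap2.install(bytes(32), client, now=0)       # pre-authenticated at t=0
    return [
        ap2.on_association(client, [pid], now=10),    # roam within the lifetime
        ap2.on_association(other, [pid], now=10),     # same PMKID from a different MAC
        ap2.on_association(client, [], now=10),       # no PMKID offered
        ap2.on_association(client, [pid], now=60),    # lifetime reached
    ]

if __name__ == "__main__":
    print(demo())
```

Only the first case proceeds directly to key exchange; a shorter lifetime narrows the window in which a cached association can stand in for a full 802.1X authentication.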
December 2006
© 2006 Foundry Networks, Inc.
Wireless Security Configuration
21-17