Table of Contents
Advertisement
Chapter 8: Basic Configuration Examples
A PSK is the simplest way to provide client authentication and data encryption: simply configure an SSID with the same PSK on
the SmartPath AP and its clients. A PSK authenticates clients by the simple fact that the clients and SmartPath AP have the same
key. For data encryption, both the SmartPath AP and clients use the PSK as a pairwise master key (PMK) from which they
generate a pairwise transient key (PTK), which they use to encrypt unicast traffic. Although the PSK/PMK is the same on all
clients, the generated PTKs are different not only for each client but for each session.
Because of its simplicity, a PSK is suitable for testing and small deployments; however, there is a drawback with using PSKs on a
larger scale. All clients connecting through the same SSID use the same PSK, so if the key is compromised or a user leaves the
company, you must change the PSK on the SmartPath AP and all its clients. With a large number of clients, this can be very time-
consuming. For examples of key management solutions that are more suitable for large-scale deployments, see the 802.1X and
private PSK examples in Chapter 9. For the present goal of showing how to use SmartPath EMS to configure an SSID, the PSK
method works well.
To configure the SSID, log in to the SmartPath EMS GUI (see Section 7.1), click Configuration > SSIDs > New, enter the following,
and then click Save:
Profile Name: test1-psk (A profile name does not support spaces, although an SSID name does.)
The profile name is the name for the entire group of settings for an SSID. It can reference a captive Web portal;
include default or modified data rate settings; apply denial of service (DoS) policies, MAC filters, and schedules;
and specify the SSID name that the SmartPath AP advertises in beacons and probe responses. The profile
name—not the SSID name (although they can both be the same)—is the one that appears in the Available
SSIDs list in the WLAN Policy dialog box. You will later choose this SSID when defining a WLAN policy in Section
8.3.
When you type in a profile name, SmartPath EMS automatically fills in the SSID field with the same text string.
By default, the profile and SSID names are the same, yet they can also be different. You can create many differ-
ent SSID profiles, each with a different group of settings, but each with the same SSID name. For users, their cli-
ents connect to the same SSID at different locations. From the SmartPath AP perspective, each SSID profile
applies a different group of settings.
SSID: test1-psk
This is the SSID name that clients discover from beacons and probe responses.
Description: Test SSID for learning how to use the GUI; remove later
This note and the very name "test1-psk" are deliberately being used as reminders to replace this configuration later
with an SSID profile and SSID name that you really intend to use in your WLAN.
SSID Access Security: WPA/WPA2 PSK (Personal)
Use Default WPA/WPA2 PSK Settings: (select)
By default, when a SmartPath AP hosts a WPA/WPA2 PSK (Personal) SSID, it negotiates with clients over the use of WPA
or WPA2 for key management and TKIP or CCMP (AES) for encryption, and uses whichever methods each client sup-
ports. Also, the PSK text string is in ASCII format by default.
Key Value and Confirm Value: CmFwbo1121 (To see the text strings that you enter, clear the Obscure Password checkbox.)
With these settings, the SmartPath AP and its clients can use either WPA or WPA2 for key management, CCMP (AES) or
TKIP for data encryption, and the preshared key "CmFwbo1121" as the pairwise master key from which they each
generate pairwise transient keys.
Enable Captive Web Portal: (clear)
Enable MAC Authentication: (clear)
Page 78
724-746-5500 | blackbox.com
Advertisement
Chapters
Table of Contents
