Table of Contents
Advertisement
Chapter 11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Configuration parameters - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 11
• Preshared Key: The CN3000 uses the key you specify in the Key field to generate the
RADIUS profile
802.1x
This option enables support for users with 802.1x client software. The CN3000 supports
802.1x client software that uses EAP-TLS, EAP-TTLS, EAP-CIM, and PEAP.
Note: Using 802.1x without enabling WEP encryption is not recommended.
RADIUS profile
Select the RADIUS profile the CN3000 will use to validate user logins.
WEP encryption
Enable the use of dynamic WEP keys for all 802.1x sessions. Dynamic key rotation
occurs on key 1, which is the broadcast key. Key 0 is the pairwise key. It is automatically
generated by the CN3000.
Key length and key change interval are set in the Dynamic keys box.
WEP
Key 1, 2, 3, 4
The number of characters you specify for a key determines the level of encryption the
CN3000 will provide.
• For 40-bit encryption, specify 5 ASCII characters or 10 HEX digits.
• For 128-bit encryption, specify 13 ASCII characters or 26 HEX digits.
When encryption is enabled, wireless stations that do not support encryption cannot
communicate with the CN3000. The definition for each encryption key must be the same
on the CN3000 and all client stations. Keys must also be in the same position. For
example, if you are using key 3 to encrypt transmissions, then each client station must
also define key 3 to communicate with the CN3000.
Transmission key
Select the key the CN3000 will use to encrypt transmitted data. All four keys are used to
decrypt received data.
Key format
Select the format you used to specify the encryption keys:
ASCII
ASCII keys are much weaker than carefully chosen HEX keys. You can include ASCII
characters between 32 and 126, inclusive, in the key. However, note that not all client
stations support non-alphanumeric characters such as spaces, punctuation, or special
symbols in the key.
HEX
Your keys should only include the following digits: 0-9, a-f, A-F
Traffic
This option enables you to route specific types of wireless traffic through a GRE tunnel.
If Security > Authentication > Advanced settings > Access controller mode is set
tunnelling (GRE)
to Centralized:
• Authenticated 802.1x user traffic: Routes all 802.1x user traffic through the specified
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 221 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TKIP keys that encrypt the wireless data stream. Since this is a static key, it is not as
secure as the RADIUS option. Specify a key that is between 8 and 64 ASCII
characters in length. It is recommended that the preshared key be at least 20
characters long, and be a mix of letters and numbers.
GRE tunnel.
- Quick Links:
- Introduction
- Wireless Radio
- Logging in
- Reset Button
Hide quick links:
Advertisement
Table of Contents
