Wi-fi protected access (wpa) – SMC Networks SMC2552W-G2-17 User Manual

Page 120


Radio Interface


CLI Commands for WEP over 802.1X Security – Use the vap command to access
each VAP interface to configure the security settings. First set 802.1X to required
using the 802.1x command and set the 802.1X key refresh rates. Then, use the
authentication command to select open system authentication and the encryption
command to enable data encryption. To view the current security settings, use the
show interface wireless g 0 command (not shown in example).

Wi-Fi Protected Access (WPA)

WPA employs a combination of several technologies to provide an enhanced
security solution for 802.11 wireless networks.

The access point supports the following WPA components and features:

IEEE 802.1X and the Extensible Authentication Protocol (EAP): WPA employs
802.1X as its basic framework for user authentication and dynamic key
management. The 802.1X client and RADIUS server should use an appropriate EAP
type—such as EAP-TLS (Transport Layer Security), EAP-TTLS (Tunneled TLS), or
PEAP (Protected EAP)—for strongest authentication. Working together, these
protocols provide “mutual authentication” between a client, the access point, and a
RADIUS server that prevents users from accidentally joining a rogue network. Only
when a RADIUS server has authenticated a user’s credentials will encryption keys
be sent to the access point and client.

Note: Implementing WPA on wireless clients requires a WPA-enabled network card
driver and 802.1X client software that supports the EAP authentication type that
you want to use. Windows XP provides native WPA support; other systems
require additional software.

Temporal Key Integrity Protocol (TKIP): WPA specifies TKIP as the data
encryption method to replace WEP. TKIP avoids the problems of WEP static keys by
dynamically changing data encryption keys. Basically, TKIP starts with a master
(temporal) key for each user session and then mathematically generates other keys
to encrypt each data packet. TKIP provides further data encryption enhancements
by including a message integrity check for each packet and a re-keying mechanism,
which periodically changes the master key.

Enterprise AP(if-wireless g)#vap 0
Enterprise AP(if-wireless g: VAP[0])#802.1X required                          7-65
Enterprise AP(if-wireless g: VAP[0])#802.1X broadcast-key-refresh-rate 5      7-66
Enterprise AP(if-wireless g: VAP[0])#802.1X session-key-refresh-rate 5        7-67
Enterprise AP(if-wireless g: VAP[0])#802.1X session-timeout 300               7-67
Enterprise AP(if-wireless g: VAP[0])#interface wireless g                     7-88
Enter Wireless configuration commands, one per line.
Enterprise AP(if-wireless g: VAP[0])#authentication open                      7-117
Enterprise AP(if-wireless g: VAP[0])#encryption                               7-116
Enterprise AP(if-wireless g: VAP[0])#
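
The following is an added example, not part of the SMC manual: a Python check that reads a saved CLI session and reports, per VAP, which steps of the WEP over 802.1X procedure described above were not entered. The function names, the VAP[1] lines in the sample, and the treatment of a refresh rate of 0 as "never refreshed" are assumptions.

```python
import re

PROMPT = re.compile(r"^Enterprise AP\(if-wireless g: VAP\[(\d+)\]\)#\s*(.*)$")  # prompt as in the manual

def parse_transcript(text):
    """Collect security commands per VAP; a later command overrides an earlier one."""
    vaps = {}
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # echoed text and prompts outside a VAP context
        words = m.group(2).lower().split()
        cfg = vaps.setdefault(int(m.group(1)), {})
        if len(words) == 2 and words[0] in ("802.1x", "authentication"):
            cfg[words[0]] = words[1]          # 802.1X required / authentication open
        elif len(words) == 3 and words[0] == "802.1x":
            cfg[words[1]] = words[2]          # refresh rates, session timeout
        elif words == ["encryption"]:
            cfg["encryption"] = "enabled"
    return vaps

def audit(cfg):
    """List the steps of the WEP over 802.1X procedure missing for one VAP."""
    findings = []
    if cfg.get("802.1x") != "required":
        findings.append("802.1X not set to required")
    for key in ("broadcast-key-refresh-rate", "session-key-refresh-rate"):
        # Assumption: a missing rate or a rate of 0 means the key is never refreshed.
        if not cfg.get(key, "").isdigit() or int(cfg[key]) == 0:
            findings.append(key + " missing or 0")
    if cfg.get("authentication") != "open":
        findings.append("open system authentication not selected")
    if "encryption" not in cfg:
        findings.append("data encryption not enabled")
    return findings

def audit_transcript(text):
    return {vap: audit(cfg) for vap, cfg in sorted(parse_transcript(text).items())}

# Constructed sample: VAP 0 repeats the manual's session, VAP 1 skips steps.
SAMPLE = """\
Enterprise AP(if-wireless g: VAP[0])#802.1X required
Enterprise AP(if-wireless g: VAP[0])#802.1X broadcast-key-refresh-rate 5
Enterprise AP(if-wireless g: VAP[0])#802.1X session-key-refresh-rate 5
Enterprise AP(if-wireless g: VAP[0])#authentication open
Enterprise AP(if-wireless g: VAP[0])#encryption
Enterprise AP(if-wireless g: VAP[1])#802.1X required
Enterprise AP(if-wireless g: VAP[1])#802.1X broadcast-key-refresh-rate 0
"""
print(audit_transcript(SAMPLE))
```

An empty list for a VAP means every step of the procedure was found in the session; the check reads only what was typed, so the show interface wireless g 0 output remains the authority on what the access point is actually running.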
