Table 34 l – Extreme Networks Summit 300-48 User Manual

90

Summit 300-48 Switch Software User Guide

Unified Access Security

Table 34 lists the properties for the security profile configuration command.

Table 34: Security Profile Command Property Values

Case

Default Ranges

Action

ssid-in-beacon <value>

on

off | on

Turns on whether the SSID is published
in the beacon or not. If you set this to

off

then the beacon does not contain

the SSID and the client must know the
SSID before it can associate. Sniffing on
the beacon shows an empty SSID.

wep authentication <value> {vlan
<vlan_name>}

off

off | on

Enables open vs. shared authentication.
Setting this to

on

sets the interface for

shared authentication. Note that WEP
authentication must be on in order to use
wep encryption. (Open authentication with
WEP encryption is not supported). The
VLAN must be specified only if WEP
authentication is on. All WEP traffic gets
classified into this VLAN if WEP is on.

wep default-key-index <index>

0

0-3

Sets the index of the WEP key. The key
at the specified index must be configured
before you can set the default index for
WEP auth/encryption.

encryption-length

128

64 | 128

Sets the length of the encryption key
used for WEP or legacy dot1x clients. For
legacy dot1x clients, the switch generates
a random key based on the given length
and WEP encryption. WPA clients use
TKIP | AES as their cipher suite. This
command can be issued only if WEP
authentication is

on

or if dot1x

authentication is

all

(dot1x

authentication properties below).

wep key add <0-3>

[hex <hexoctets> | plaintext <string>]

hex

type: hex | plaintext

Adds the given WEP key at the given
index. This key is used for WEP
encryption as well as for EAP-MD5. If you
use hex mode, then the key should be
made up of hex digits (i.e. if
encryption-length is 64 the key should be
10 hex digits (64-24 (ICV) = 40bits = 5
bytes = 10 hex digits). When you specify
plaintext mode, the key is simply the ascii
value of the letters in the specified key
(i.e. A = 35 and so on...). Note that
plaintext does not mean passphrase.

wep key del <integer>

0

0-3

Deletes the specified WEP key. When
you delete a WEP key whose index is the
default WEP key index, then the default
index is changed automatically to the
lowest specified WEP key (or N/A if no
WEP keys have been specified).

dot1x authentication <value>

none

all | none | wpa

Enables dot1x authentication. Setting
dot1x to

all

implies legacy clients are

allowed (plain dot1x as well as WPA).
Setting dot1x authentication to

rsn

only

allows WPA clients. Setting dot1x to

None

will disable dot1x.