Example wireless configuration process – Extreme Networks Summit 300-48 User Manual

Page 91

Advertising
background image

Example Wireless Configuration Process

Summit 300-48 Switch Software User Guide

91

Example Wireless Configuration Process

This section provides an example of the configuration process. First, the wireless management VLAN is
configured, IP addresses are assigned, and RF profiles are created and configured. Next, the security
profile is created, with examples given for WEP and dot1x security. Finally, example steps are provided
for assigning profiles to ports.

NOTE

The commands provided in each step are examples.

dot1x multicast-cipher <value>

wep

aes | tkip | wep

Specifies the cipher suite to use for
legacy 802.1x or WPA clients. If the
mcast cipher suite is

aes

, then the

unicast cipher suite is AES. If the mcast
cipher suite is

tkip

or

wep

, the unicast

cipher suite is TKIP. Specifying this has
no effect if non-WPA clients are used. If
non-WPA clients are used, then WEP
encryption is used for both unicast and
broadcast. The key length for non-WPA
clients is specified using the

encryption-length

property above.

Also, if both WPA and non-WPA clients
are on the same VLAN, then the packet
is broadcast twice (once with each
encryption key).

dot1x auth-suite dot1x

Sets the authentication suite to be dot1x,
which means that keys are dynamically
generated. Keys are not pushed from the
RADIUS server, but are generated on the
access point. This is valid only for WPA
clients.

dot1x auth-suite psk pre-shared-key
<value> <string> vlan <vlan name>

hex | plaintext |
passphrase

Specifies pre-shared keys to be the
authentication-suite for dot1x. The key
can be specified as a hex key or
passphrase or plaintext. Plaintext keys
are converted to hex keys by using the
ASCII values of the various characters in
the key. The length of the key must 32
bytes (64 hex digits, or 32 characters
when using plaintext keys). For
passphrases, the key must be at least 8
characters long. All clients authenticated
using this policy are placed into the
specified VLAN.

dot1x group-update-timer <integer>

1

1-1440

Specifies the time used to re-key the
broadcast key (in minutes).

dot1x pairwise-update-timer <integer>

1

1-1440

Specifies the time interval at which
session keys are refreshed (in minutes).

dot1x reauth-period <integer>

3600

60-60,000

Specifies the time interval (in seconds) at
which the clients will need to
re-authenticate.

Table 34: Security Profile Command Property Values (continued)

Case

Default Ranges

Action

Advertising
Popular Brands
Popular manuals