Configuring security settings, Configuring security settings -24 – HP ProCurve 520wl Wireless Access Point User Manual

Page 37

Advertising

Other Security Configuration Settings

2-24

Upon receiving a reply EAP packet from the RADIUS, the message is typically forwarded to the client PC, after translating it

back to the EAPOL format. Negotiations take place between the client PC and the RADIUS server. After the client has been

successfully authenticated, the client PC receives an encryption key from the WL520 (if the EAP type supports automatic key

distribution). The client uses this key to encrypt data after it has been authenticated. For 802.11a, each client receives its own

unique encryption key; this is known as Per User Per Session Encryption keys. (This feature is only available when using 802.1x

mode; it is not available when in Mixed mode or using WEP encryption only).

configuring security settings

Click the 802.1x tab in the

Security Configuration

screen to set the 802.1x security mode for the WL520. (Note that the

configuration settings for standard encryption (that does not use 802.1x) are located on the Encryption page.) The WL520

software offers four security settings:

1. No security or encryption

No security or encryption

Set the 802.1x Security Mode to

none

on the 802.1x page and disable Encryption for both interface cards on the

Encryption page.

2. WEP encryption only on one or both wireless interfaces

WEP encryption only on one or both wireless interfaces

WEP encryption is the wireless equivalent of the security level available through a wired network. Select the 802.1x

Security Mode to

none

on the 802.1x page. Click the Encryption

Encryption

Encryption tab and

enable

the Encryption status for one or both

wireless PC Cards. The available Encryption Key Length varies based on the card type. See

Set WEP Encryption for

each Wireless Interface

3. 802.1x security (requires RADIUS server authentication)

802.1x security (requires RADIUS server authentication)

When you decide to use the 802.1x security mode, you must first configure the RADIUS server to receive an

authentication response (see

RADIUS Authentication Settings

for information on the server settings). Your computer

operating system must also be configured to receive and send authenticated packets. Then, set 802.1x Security Mode

802.1x Security Mode

to 802.1x. In addition, you must select an Encryption Key Length

Encryption Key Length

Encryption Key Length for each wireless interface (key size varies based on

card type) and a Re-keying Interval. The rekey feature determines how often your encryption key is changed (the

interval between changes) and can be set to any value between 60 - 65535 seconds. Rekeying frustrates hacking

attempts without taxing system resources. Setting a fairly frequent rekey value (900 seconds=15 minutes) effectively

protects against intrusion without disrupting network activities. For detailed configuration steps, see

Setting Up the

WL520 using 802.1x Security Mode

4. Mixed mode with 802.1x and WEP encryption

Mixed mode with 802.1x and WEP encryption

Mixed mode supports both 802.1x and WEP encryption simultaneously. To use this option, set 802.1x Security Mode

802.1x Security Mode

to Mixed and configure the 802.1x settings (Encryption Key Length and Re-keying interval), Encryption settings

(enable Encryption and enter key 1), and RADIUS server settings. For Encryption settings, enable Encryption on the

required interfaces and enter key 1 (keys 2-4 are not required).

NOTE:

In Mixed mode, when entering Encryption Key 1

Encryption Key 1

Encryption Key 1 on the Encryption page, you must use the same size key that you

configured for Encryption Key Length

Encryption Key Length

Encryption Key Length on the 802.1x page.

setting up the wl520 using 802.1x security mode

1. In the Web Interface, click the

Configure

button and select the

Security

tab.

2. Select the

802.1x

tab. Set the

802.1x Security Mode

to 802.1x

802.1x

802.1x or Mixed

Mixed

Mixed and click

NOTE:

Ignore the reboot message - this can be done when the entire procedure is finished.

3. Select the

RADIUS

tab and the

Radius Auth

sub-tab.

4. Enable the Primary RADIUS server. (You must specify information for at least the Primary RADIUS server. The Backup

RADIUS server is optional.)

5. Enter an

Authorization Lifetime

(the length of time, in seconds, that can elapse before a client session is automatically

re-authenticated). Range is 60 - 43200 seconds (in 60 sec increments); default is 900 sec.

6. Select a

Server Addressing Format

(either name or IP address). Use a server name only if you have enabled the DNS

Client functionality. See

RADIUS DNS Host Name Support

7. Enter the Server Name or IP Address for the Primary RADIUS server.
8. Enter the

Destination Port

. The default is 1812, however your RADIUS server provider may have another

communication port defined.

9. Enter the RADIUS server password in the

Shared Secret

and

Confirm Shared Secret

fields.

10. Configure the

Response Time

(the maximum time, in seconds, to wait for the RADIUS server to respond to a request)

and

Maximum Retransmission

(the maximum number of times a request may be retransmitted) values.

11. Reboot the WL520 device for these changes to take effect.

Advertising

Popular Brands

Popular manuals