User's Manual
Table Of Contents
- Compliances
- About This Manual
- Table of Contents
- Chapter 1 - Product Description
- Chapter 2 - Hardware Installation
- 2.1 Hardware Description
- 2.2 Installation Requirements
- 2.3 Installation
- 2.3.1 Attaching the SU-ODU to the Mounting Plate
- 2.3.2 Attaching the Mounting Plate to the Wi· unit
- 2.3.3 Connecting the Wi· unit to the SU-ODU
- 2.3.4 Preparing the Power Cable
- 2.3.5 Pre-Configuration and Testing
- 2.3.6 Mounting the Wi· Unit
- 2.3.7 Connecting the Grounding Cables
- 2.3.8 Connecting to Power Source
- 2.4 Post Installation Configuration of the AP/SU-ODU
- Chapter 3 - Initial Configuration
- Chapter 4 - System Configuration
- 4.1 Introduction
- 4.2 Advanced Configuration
- 4.3 SNMP
- 4.4 Radio Interface
- 4.5 Status Information
- Chapter 5 - Command Line Interface
- 5.1 Using the Command Line Interface
- 5.2 Entering Commands
- 5.2.1 Keywords and Arguments
- 5.2.2 Minimum Abbreviation
- 5.2.3 Command Completion
- 5.2.4 Getting Help on Commands
- 5.2.5 Partial Keyword Lookup
- 5.2.6 Negating the Effect of Commands
- 5.2.7 Using Command History
- 5.2.8 Understanding Command Modes
- 5.2.9 Exec Commands
- 5.2.10 Configuration Commands
- 5.2.11 Command Line Processing
- 5.3 Command Groups
- 5.4 General Commands
- 5.5 System Management Commands
- 5.5.1 country
- 5.5.2 prompt
- 5.5.3 system name
- 5.5.4 username
- 5.5.5 password
- 5.5.6 ip ssh-server enable
- 5.5.7 ip ssh-server port
- 5.5.8 ip telnet-server enable
- 5.5.9 ip http port
- 5.5.10 ip http server
- 5.5.11 ip http session-timeout
- 5.5.12 ip https port
- 5.5.13 ip https server
- 5.5.14 APmgmtIP
- 5.5.15 APmgmtUI
- 5.5.16 show apmanagement
- 5.5.17 show system
- 5.5.18 show version
- 5.5.19 show config
- 5.5.20 show hardware
- 5.6 System Logging Commands
- 5.7 System Clock Commands
- 5.8 DHCP Relay Commands
- 5.9 SNMP Commands
- 5.9.1 snmp-server community
- 5.9.2 snmp-server contact
- 5.9.3 snmp-server location
- 5.9.4 snmp-server enable server
- 5.9.5 snmp-server host
- 5.9.6 snmp-server trap
- 5.9.7 snmp-server engine-id
- 5.9.8 snmp-server user
- 5.9.9 snmp-server targets
- 5.9.10 snmp-server filter
- 5.9.11 snmp-server filter-assignments
- 5.9.12 show snmp groups
- 5.9.13 show snmp users
- 5.9.14 show snmp group-assignments
- 5.9.15 show snmp target
- 5.9.16 show snmp filter
- 5.9.17 show snmp filter-assignments
- 5.9.18 show snmp
- 5.10 Flash/File Commands
- 5.11 RADIUS Client
- 5.12 802.1X Authentication
- 5.13 MAC Address Authentication
- 5.14 Filtering Commands
- 5.15 WDS Bridge Commands
- 5.16 Spanning Tree Commands
- 5.17 Ethernet Interface Commands
- 5.18 Wireless Interface Commands
- 5.18.1 interface wireless
- 5.18.2 vap
- 5.18.3 speed
- 5.18.4 multicast-data-rate
- 5.18.5 channel
- 5.18.6 transmit-power
- 5.18.7 radio-mode
- 5.18.8 preamble
- 5.18.9 antenna control
- 5.18.10 antenna id
- 5.18.11 antenna location
- 5.18.12 beacon-interval
- 5.18.13 dtim-period
- 5.18.14 fragmentation-length
- 5.18.15 rts-threshold
- 5.18.16 super-g
- 5.18.17 description
- 5.18.18 ssid
- 5.18.19 closed-system
- 5.18.20 max-association
- 5.18.21 assoc-timeout-interval
- 5.18.22 auth-timeout-value
- 5.18.23 shutdown
- 5.18.24 show interface wireless
- 5.18.25 show station
- 5.19 Rogue AP Detection Commands
- 5.20 Wireless Security Commands
- 5.21 Link Integrity Commands
- 5.22 IAPP Commands
- 5.23 VLAN Commands
- 5.24 WMM Commands
- Appendix A - Troubleshooting
Radio Interface
BreezeMAX Wi² and BreezeACCESS Wi² System Manual 109
packet encryption and key management as WPA in the enterprise, providing a
robust and manageable alternative for small networks.
Mixed WPA and WEP Client Support: WPA enables the access point to indicate
its supported encryption and authentication mechanisms to clients using its
beacon signal. WPA-compatible clients can likewise respond to indicate their WPA
support. This enables the access point to determine which clients are using WPA
security and which are using legacy WEP. The access point uses TKIP unicast
data encryption keys for WPA clients and WEP unicast keys for WEP clients. The
global encryption key for multicast and broadcast traffic must be the same for all
clients, therefore it restricts encryption to a WEP key.
When access is opened to both WPA and WEP clients, no authentication is
provided for the WEP clients through shared keys. To support authentication for
WEP clients in this mixed mode configuration, you can use either MAC
authentication or 802.1X authentication.
WPA2 – WPA was introduced as an interim solution for the vulnerability of WEP
pending the ratification of the IEEE 802.11i wireless security standard. In effect,
the WPA security features are a subset of the 802.11i standard. WPA2 includes
the now ratified 802.11i standard, but also offers backward compatibility with
WPA. Therefore, WPA2 includes the same 802.1X and PSK modes of operation and
support for TKIP encryption. The main differences and enhancements in WPA2
can be summarized as follows:
Advanced Encryption Standard (AES): WPA2 uses AES Counter-Mode
encryption with Cipher Block Chaining Message Authentication Code
(CBC-MAC) for message integrity. The AES Counter-Mode/CBCMAC Protocol
(AES-CCMP) provides extremely robust data confidentiality using a 128-bit
key. The AES-CCMP encryption cipher is specified as a standard requirement
for WPA2. However, the computational intensive operations of AES-CCMP
requires hardware support on client devices. Therefore to implement WPA2 in
the network, wireless clients must be upgraded to WPA2-compliant hardware.
WPA2 Mixed-Mode: WPA2 defines a transitional mode of operation for
networks moving from WPA security to WPA2. WPA2 Mixed Mode allows both
WPA and WPA2 clients to associate to a common SSID interface. In mixed
mode, the unicast encryption cipher (TKIP or AES-CCMP) is negotiated for
each client. The access point advertises its supported encryption ciphers in
beacon frames and probe responses. WPA and WPA2 clients select the cipher
they support and return the choice in the association request to the access
point. For mixed-mode operation, the cipher used for broadcast frames is
always TKIP. WEP encryption is not allowed.