Manualshelf

Specifications

ManualsBrandsAlcatel ManualsComputer equipmentOmniAccess AP61
231232233234235236237238239240
OmniAccess Reference: AOS-W System Reference
212 Part 031652-00 May 2005
RF Deauthentication Debugging
Using Alcatel Air Management features, Alcatel APs can identify other APs and
client stations that violate configured protection policies. The Alcatel APs can
also be configured to send deauthentication frames (or laser-beams) to prevent
the offending AP or client station behavior (refer to the Alcatel AOS-W User's
Guide).
Since deauthentication frames are spoofed on behalf of the AP or client sta-
tion, the true source of packet is not evident. However, deauthentication
debugging reveals the source of these packets to help verify that enforcement
policies are behaving as expected. To enable or disable this feature, use the fol-
lowing CLI configuration command:
(config) # wms general laser-beam-debug {enable|disable}
When enabled, Alcatel APs alter their deauthentication frames to include their
own MAC address. This identifies the source of the laser-beam to packet cap-
ture software or inspection equipment (“sniffers”) and nullifies the deauthenti-
cation effect.
Because debugging disables the intended deauthentication, is should be
turned off except when debugging is required.
Certificates
This section of the chapter deals with authentication certificates. Certificates
provide strong security when authenticating users and computers and
eliminate the need for less secure password based authentication schemes.
Three authentication methods use certificates: Extensible Authentication
Protocol-Transport Level Security (EAP-TLS), Protected Extensible
Authentication Protocol (PEAP), and TTLS. Alcatel AOS-W employs all three.
This section will describe the process of acquiring certificates for
authenticating servers (server certificates) and for authenticating clients (client
certificates).
Introduction to Server, Client, and CA Certificates
Client Certificates and Certificate Verification
Clients as well as the servers to which they attach may hold authentication
certificates that validate their identity. When a client connects to a server for
the first time, or the first time since its previous certificate has expired or been
revoked, the server will request that the client transmit its authentication