Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRBT-4102

111

112

113

114

115

116

117

118

119

120

Security

RoamAbout RBT-4102 Wireless Access Point Configuration Guide 4-83

– Supported‐allowsWPA‐enab ledclientsandclientsonlycapableofsupportingWEPto

accessthenetwork.

• WPAKeyManagement:YoucanconfigureWPAtoworkinanenterpriseenvironmentusing

IEEE802.1xandaRADIUSserverforuserauthentication.Forsmallernetworks,youcan

configureWPAusingacommonpre

‐sharedkeyforclientauthenticationwiththeaccess

point.

– WPAauthenticationover802.1xsetsthisradiointerfaceorVAPtotheWPAenterprise

mode.ThismodeusesIEEE802.1xtoauthenticateusersandtodynamicallydistribute

encryptionkeystoclients.

– WPAPre‐sharedKeysetsthisradiointerfaceorVAP

totheWPAmodeforsmallnetworks.

Thismodeusesacommonpasswordstringthatismanuallydistributed.Youmust

configureallwirelessclientsassociatedwiththisradiointerfaceorVAPwiththe same

key.YoumustspecifythekeystringundertheWPAPre‐SharedKeyTypesectionof

the

SecuritySettingspage.

• MulticastCipherModeselectsanencryptionmethodfortheglobalkeyusedformulticastand

broadcasttraffic,whichissupportedbyallwirelessclientsassociatedwiththisradiointerface

orVAP.

– WEPspecifiesthatcommunicatingdevicesmustusethesameWEPkeytoencryptand

decryptradio

signals.WEPhasmanysecurityflaws,andisnotrecommendedfor

transmittinghighly‐sensitivedata.

– TKIPprovidesdataencryptionenhancementsincludingper‐packetkeyhashing(thatis,

changingtheencryptionkeyoneachpacket),amessageintegritycheck,anextended

initializationvectorwithsequencingrules,andare‐keyingmechanism.

–

AESdesignatedbytheNationalInstituteofStandardsandTechnologyasthesuccessorto

theDataEncryptionStandard(DES)encryptionalgorithm.

• WPAPre‐sharedKeyTypespecifiestheWPApre‐sharedkeytypeandthekeyforclient

authenticationwiththisradiointerfaceorVAP.IfyouusetheWPA

pre‐shared‐key,youmust

configureallwirelessclientswiththesamekeyenteredheretocommunicatewiththis

interfaceorVAP.

– Hexadecimalusesakeymadeupofastringof64hexadecimalnumbers.

– WPAPre‐SharedKeyspecifiesthepre‐sharedkeyintheappropriateformatforthetype

of

keyyouselected:astringof64hexadecimalnumbers,orastringof8to63alphanumeric

characters.

• 802.1xAuthentication:

WirelessclientscanbeauthenticatedfornetworkaccessbycheckingtheirMACaddress

againstthelocaldatabaseconfiguredontheaccesspoint,orbyusingtheIEEE802.1x

network

accessauthenticationprotocoltolookuptheirMACaddressesonaRADIUSserver.The

802.1xprotocolcanalsobeconfiguredtocheckotherusercredentialssuchasausernameand

password.

• 802.1xSetup.IEEE802.1xisastandardframeworkfornetworkaccesscontrolthatusesa

centralRADIUS

serverforuserauthentication.Thiscontrolfeaturepreventsunauthorized

accesstothenetworkbyrequiringan802.1xclientapplicationtosubmitusercredentialsfor

authentication.The802.1xstandardusestheExtensibleAuthenticationProtocol(EAP)topass

usercredentials(eitherdigitalcertificates,usernamesandpasswords,orother)fromtheclient

theRADIUSserver.ClientauthenticationisthenverifiedontheRADIUSserverbeforethe

accesspointgrantsclientaccesstothenetwork.