Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout 3000

100

Security

4-66 Advanced Configuration

• WPAPre‐sharedKeyTypespecifiestheWPApre‐sharedkeytypeandthekeyforclient

authenticationwiththisradiointerfaceorVAP.IfyouusetheWPApre‐shared‐key,youmust

configureallwirelessclientswiththesamekeyenteredheretocommunicatewiththis

interfaceor

VAP.

– Hexadecimalusesakeymadeupofastringof64hexadecimalnumbers.

– Alphanumericusesakeyinaneasy‐to‐rememberformoflettersandnumbers.Thestring

mustbefrom8to63charactersandcanincludespaces.

– WPAPre‐SharedKeyspecifiesthepre‐sharedkeyin

theappropriateformatforthetypeof

keyyouselected:astringof64hexadecimalnumbers,orastringof8to63alphanumeric

characters.

802.1xAuthentication:

WirelessclientscanbeauthenticatedfornetworkaccessbycheckingtheirMACaddress

againstthelocaldatabaseconfiguredontheaccesspoint,or

byusingtheIEEE802.1xnetwork

accessauthenticationprotocoltolookuptheirMACaddressesonaRADIUSserver.The

802.1xprotocolcanalsobeconfiguredtocheckotherusercredentialssuchasausernameand

password.

• 802.1xSetup.IEEE802.1xisastandardframeworkfornetworkaccesscontrol

thatusesa

centralRADIUSserverforuserauthentication.Thiscontrolfeaturepreventsunauthorized

accesstothenetworkbyrequiringan802.1xclientapplicationtosubmitusercredentialsfor

authentication.The802.1xstandardusestheExtensibleAuthenticationProtocol(EAP)topass

usercredentials(eitherdigitalcertificates,usernamesandpasswords,

orother)fromtheclient

totheRADIUSserver.ClientauthenticationisthenverifiedontheRADIUSserverbeforethe

accesspointgrantsclientaccesstothenetwork.

The802.1xEAPpacketsarealsousedtopassdynamicunicastsessionkeysandstatic

broadcastkeystowirelessclients.Sessionkeysare

uniquetoeachclientandareusedto

encryptandcorrelatetrafficpassingbetweenaspecificclientandtheaccesspoint.Youcan

alsoenablebroadcastkeyrotation,sotheaccesspointprovidesadynamicbroadcastkeyand

changesitataspecifiedinterval.

Youcanenable802.1xasoptionallysupported

orasrequiredtoenhancethesecurityofthe

wirelessnetwork.

– Disableindicatesthattheaccesspointdoesnotsupport802.1xauthenticati onforany

wirelessclient.Aftersuccessfulwirelessassociationwiththeaccesspoint,eachclientis

allowedtoaccessthenetwork.

– Supportedindicatesthattheaccesspointsupports802.1x

authenticationonlyforclients

initiatingthe802.1xauthenticationprocess(thatis,theaccesspointdoesnotinitiate

802.1xauthenticati on).Forclientsinitiating802.1x,onlythosesuccessfullyauthenticated

areallowedtoaccessthenetwork.Forthoseclientsnotinitiating802.1x,accesstothe

networkisallowedaftersuccessfulwirelessassociationwiththe

accesspoint.

– Requiredindicatesthattheaccesspointenforces802.1xauthenticationforallassociated

wirelessclients.If802.1xauthenticationisnotinitiatedbyaclient,theaccesspointwill

initiateauthentication.Onlythoseclientssuccessfullyauthenticatedwith802.1xare

allowedtoaccessthenetwork.