Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

231

232

233

234

235

236

237

238

239

240

Encryption Configuration Scenarios

10-18 Configuring User Encryption

Encryption Configuration Scenarios

Thefollowingscenariosprovideexamplesofwaysinwhichyoucanconfigureencryptionfor

networkclients:

• EnablingWPAwithTKIPonpage 10‐18

• EnablingDynamicWEPinaWPANetworkonpage 10‐20

• ConfiguringEncryptionforMACClientsonpage 10‐22

Enabling WPA with TKIP

ThefollowingexampleshowshowtoconfigureMSStoprovideauthenticationandTKIP

encryptionfor801.XWPAclients.Thisexampleassumesthatpass‐throughauthenticationisused

forallusers.ARADIUSservergroupperformsallauthenticationandauthorizationfortheusers.

1. Createanauthenticationrulethatsendsall802.1Xusers

ofSSIDmycorpintheEXAMPLE

domaintotheservergroupshorebirdsforauthentication.Typethefollowingcommand:

RBT-8100# set authentication dot1x ssid mycorp EXAMPLE\* pass-through

shorebirds

2. CreateaserviceprofilenamedwpafortheSSID.Typethefollowingcommand:

RBT-8100# set service-profile wpa

3. SettheSSIDintheserviceprofiletomycorp.Typethefo llowingcommand:

RBT-8100# set service-profile wpa ssid-name wpa

4. EnableWPAinserviceprofilewpa.Typethefollowingcommand:

RBT-8100# set service-profile wpa wpa-ie enable

5. Displaytheserviceprofilewpatoverifythe changes.Typethefoll owingcommand:

RBT-8100# show service-profile sp1

ssid-name: mycorp ssid-type: crypto

Beacon: yes Proxy ARP: no

DHCP restrict: no No broadcast: no

Short retry limit: 5 Long retry limit: 5

Auth fallthru: none Sygate On-Demand (SODA): no

Enforce SODA checks: yes SODA remediation ACL:

Custom success web-page: Custom failure web-page:

Custom logout web-page: Custom agent-directory:

Static COS: no COS: 0

CAC mode: none CAC sessions: 14

User idle timeout: 180 Idle client probing: yes

Keep initial vlan: no Web Portal Session Timeout: 5

Web Portal ACL:

WEP Key 1 value: <none> WEP Key 2 value: <none>

WEP Key 3 value: <none> WEP Key 4 value: <none>

WEP Unicast Index: 1 WEP Multicast Index: 1

Shared Key Auth: NO

WPA enabled:

ciphers: cipher-tkip

authentication: 802.1X

TKIP countermeasures time: 60000ms