Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

231

232

233

234

235

236

237

238

239

240

Encryption Configuration Scenarios

10-20 Configuring User Encryption

Enabling Dynamic WEP in a WPA Network

ThefollowingexampleshowshowtoconfigureMSStoprovideauthenticationandencryptionfor

801.XdynamicWEPclients,andfor801.XWPAclientsusingTKIP.Thisexampleassumesthat

pass‐throughauthenticationisusedforallusers.Thecommandsarethesameasthosein

“EnablingWPAwithTKIP”on

page 10‐18,withtheadditionofacommandtoenableaWEP

ciphersuite.TheWEPciphersuiteallowsauthenticationandencryptionforbothWPAandnon‐

WPAclientsthatwanttoauthenticateusingdynam icWEP.

1. Createanauthenticationrulethatsendsall802.1XusersofSSIDmycorpintheEXAMPLE



domaintotheservergroupshorebirdsforauthentication.Typethefollowingcommand:

RBT-8100# set authentication dot1x ssid thiscorp EXAMPLE\* pass-throughhwork

shorebirds

2. Createaserviceprofilenamedwpa‐wepfortheSSID.Typethefollowingcommand:

RBT-8100# set service-profile wpa-wep

3. SettheSSIDintheserviceprofiletothiscorp.Typethefollowingcommand:

RBT-8100# set service-profile wpa-wep ssid-name thiscorp

4. EnableWPAinserviceprofilewpa‐wep.Typethefollowingcommand:

RBT-8100# set service-profile wpa-wep wpa-ie enable

5. EnabletheWEP40ciphersuiteinserviceprofilewpa‐wep.Typethefollowingcommand:

RBT-8100# set service-profile wpa-wep cipher-wep40 enable

6. Displaytheserviceprofilewpa‐weptoverifythechanges.Typethefollowingcommand:

RBT-8100# show service-profile sp1

ssid-name: mycorp ssid-type: crypto

Beacon: yes Proxy ARP: no

DHCP restrict: no No broadcast: no

Short retry limit: 5 Long retry limit: 5

Auth fallthru: none Sygate On-Demand (SODA): no

Enforce SODA checks: yes SODA remediation ACL:

Custom success web-page: Custom failure web-page:

Custom logout web-page: Custom agent-directory:

Static COS: no COS: 0

CAC mode: none CAC sessions: 14

User idle timeout: 180 Idle client probing: yes

Keep initial vlan: no Web Portal Session Timeout: 5

Web Portal ACL:

WEP Key 1 value: <none> WEP Key 2 value: <none>

WEP Key 3 value: <none> WEP Key 4 value: <none>

WEP Unicast Index: 1 WEP Multicast Index: 1

Shared Key Auth: NO

WPA enabled:

ciphers: cipher-tkip, cipher-wep40

authentication: 802.1X

TKIP countermeasures time: 60000ms

7. Mapserviceprofilewpa‐weptoradioprofilerp2.Typethefollowingcommands:

RBT-8100# set radio-profile rp2 service-profile wpa-wep