AN-80i User Manual
70-00072-01-10 Proprietary Redline Communications © 2011 Page 120 of 152 March 2, 2011
8.2 Standard Security Mode
This section describes using the AN-80i security features in standard (non-FIPS) mode.
Important: When operating in standard security (non-FIPS) mode, the wireless
authentication, SSH, and HTTPS algorithms use only certificate and key files loaded in
the user (usr) table.
8.2.1 Wireless Authentication
Wireless authentication is a standard feature on all AN-80i systems.
Out-of-Box Operation
Wireless authentication is not supported out of the box. Each AN-80i system that is
to use wireless authentication must meet the following requirements:
1. The operator must generate and load X.509 certificate and key files.
2. The wireless certificate and key files must be loaded into the user (usr) table. The
files can only be loaded using the CLI interface (Telnet or SSH).
Load Wireless X.509 Certificate and Key Files
Use the following steps to set up wireless authentication:
1. Use a commercially available tool to create the required X.509 certificates and keys.
The filenames used must comply with the following requirements:
   usr_wacert_<mac>.der    X.509 authority certificate
   usr_wcert_<mac>.der     X.509 certificate
   usr_wkey_<mac>.der      Private key
2. Copy the certificate and key files to the default directory of a TFTP server.
3. Use the 'load' command to copy the certificate and key files from the TFTP server to
the AN-80i.
4. Use the command 'show files usr' to verify the files have been successfully loaded.
5. Reboot the AN-80i to activate changes to the key files.
Enable Authentication
The wireless X.509 certificate and key files must be loaded into the usr table and the
AN-80i rebooted to activate the new keys before wireless authentication can be enabled.
Use one of the following methods to enable authentication:
CLI: set x509auth on
Web: Configuration screen -> Wireless Security Configuration:
X.509 Authentication Enable
Note: Save the configuration to activate changes.
Example
Load the certificate and key files from the TFTP server at 192.168.25.10 to the AN-80i
with MAC address 00 09 02 01 C1 9A.
192.168.25.2# load file 192.168.25.10 usr_wacert_00-09-02-01-C1-9A.der usr tftp
192.168.25.2# load file 192.168.25.10 usr_wcert_00-09-02-01-C1-9A.der usr tftp
192.168.25.2# load file 192.168.25.10 usr_wkey_00-09-02-01-C1-9A.der usr tftp
192.168.25.2# show files usr
dsa_key.pem size=672 md5=fa9bd7a1f465fd7e9fed30150b0608c4
usr_wkey.der size=1194 md5=1c5c5ddd0f08604a3b48cf41a8570557
usr_wacert.der size=1144 md5=ff0ce6923fc67a02d1e7bc6fa4856f94
usr_wcert.der size=999 md5=82b115af9dba510e5af8ce558e964265
192.168.25.2# reboot
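The comparison behind step 4, as an added example (not from the Redline manual): TFTP is unauthenticated, so this Python script checks that the size and md5 the unit prints for each wireless file match the files staged on the TFTP server. It assumes, from the sample output above, that the unit lists each file without the MAC suffix; the function names are hypothetical.

```python
import hashlib
import re
import tempfile
from pathlib import Path

PREFIXES = ("usr_wacert", "usr_wcert", "usr_wkey")  # filename prefixes from the manual
LINE_RE = re.compile(r"^(\S+)\s+size=(\d+)\s+md5=([0-9a-fA-F]{32})$")

def staging_names(mac):
    """Build the three TFTP filenames for one unit; MAC separators may be ' ', ':' or '-'."""
    digits = re.sub(r"[\s:.-]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    dashed = "-".join(digits[i:i + 2] for i in range(0, 12, 2))
    return {p: f"{p}_{dashed}.der" for p in PREFIXES}

def parse_show_files(text):
    """Parse 'show files usr' output into {name: (size, md5)}, skipping prompt lines."""
    listing = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            listing[m.group(1)] = (int(m.group(2)), m.group(3).lower())
    return listing

def verify_load(staging_dir, mac, show_output):
    """Return {prefix: 'ok' | 'mismatch' | 'not-loaded' | 'missing-local'}."""
    listing = parse_show_files(show_output)
    status = {}
    for prefix, fname in staging_names(mac).items():
        path = Path(staging_dir) / fname
        if not path.is_file():
            status[prefix] = "missing-local"
            continue
        data = path.read_bytes()
        local = (len(data), hashlib.md5(data).hexdigest())
        # Assumption taken from the manual's sample output: the unit lists
        # each file without the MAC suffix (usr_wkey.der, not usr_wkey_<mac>.der).
        remote = listing.get(f"{prefix}.der")
        status[prefix] = "not-loaded" if remote is None else ("ok" if remote == local else "mismatch")
    return status

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed stand-in files, not real keys
        for prefix, fname in staging_names("00 09 02 01 C1 9A").items():
            (Path(d) / fname).write_bytes(b"constructed " + prefix.encode())
        good = hashlib.md5(b"constructed usr_wkey").hexdigest()
        shown = f"192.168.25.2# show files usr\nusr_wkey.der size=20 md5={good}\nusr_wcert.der size=999 md5={'0' * 32}\n"
        print(verify_load(d, "00:09:02:01:C1:9A", shown))
```

Any status other than 'ok' for the three files means the load should be repeated before the reboot in step 5.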