User's Manual

EnRoute50x/51x User’s Guide

TR0153 Rev. D2

CLI

The example below shows how to enable WPA-PSK mode for wlan1. The „wpa.key_mgmt‟

parameter must also be set to indicate that PSK mode is being used, as shown below.

> use wlan1

wlan1> set wpa.enable=yes

wlan1> set wpa.key_mgmt=”WPA-PSK”

wlan1> set wpa.passphrase=long_passphrases_improve_encryption_effectiveness

Web GUI

WPA-PSK can be enabled and the pre-shared key can be set via the web interface using the

“WPA/WEP” sub-tab under the “AAA” tab on the “System Parameters” page (see Figure 35).

Select “WPA-PSK” as the type of encryption/authentication from the drop-down menu for the

access point you wish to configure and enter the WPA-PSK key in the text box below the drop-

down menu. In the example in Figure 35, „wlan2‟ has been configured to use WPA-PSK.

9.8.3 WPA EAP Mode

In WPA-EAP mode, a client device is authenticated using an 802.1x authentication server,

which is typically a RADIUS server.

The supported EAP modes are:

TLS (X509v3 server & client certificates)

PEAP-TLS (X509v3 server & client certificates)

TTLS (X509v3 server certificate)

PEAP-MSCHAPv2 (X509v3 server certificate)

The following information must be provided about the RADIUS server:

address – the IP address of the 802.1x server that will be used for authentication

port – the port that the authentication server is listening on (UDP port 1812 by default)

secret – the shared secret for the authentication server. The secret must be a string that is

no longer than 32 characters in length.

CLI

To configure the EnRoute500 to support 802.1x authentication, the following parameters in a

„wlanN‟ interface must be set:

wpa.enable

wpa.key_mgmt

wpa.auth.server.addr