Manualshelf

User's Manual

ManualsBrandsUbiquiti Networks Manualscomputer componentsXR2
101102103104105106107108109110
© 2010 - 2015 Persistent Systems, LLC – All Rights Reserved102
WEB MANAGEMENT INTERFACE REFERENCE
1. From the “Update” menu, select whether to update only the currently managed
node (“Node”) or all nodes on the network. The “network (require all)” setting
will change security settings for all nodes in the network and will require all
nodes in the network be available for any changes to be applied. If not all
nodes are available, no changes will be applied. The “network (any available)”
setting will change security settings for all available nodes on the network.
Nodes that are not available will NOT be updated.
2. Select a Crypto Mode to match your network requirements. The “Crypto
Mode” menu selects the the encryption and authentication algorithms used to
secure Wave Relay
®
packets. The available set of crypto modes depends on the
node’s hardware capabilities. Newer Wave Relay
®
products have extra hardware
to support additional Suite-B algorithms (SHA-2 family and GCM) in comparison
to older Wave Relay
®
products, which do not. If you have a network of only
older hardware, “256-bit AES-CTR with HMAC-SHA-1” will be your only choice.
If you have a network with a mix of older and newer hardware, you should
Crypto Mode 256-bit AES-CTR with
HMAC-SHA-512
256-bit AES-
GCM
256-bit AES-CTR with
HMAC-SHA-1
Encryption Algo-
rithm
256-bit AES in counter mode
Authentication
Algorithm
HMAC-SHA-512 Galois MAC
(GMAC)
HMAC-SHA-1
MAC Tag Length 96-bits
Suite-B Algorithms Yes No (due to SHA-1)
Minimum Key
Length
512-bits (256-bit AES +
256-bit HMAC)
256-bits 512-bits (256-bit AES +
256-bit HMAC)
Maximum Key
Length
1280-bits (256-bit AES
+ 1024-bit HMAC)
256-bits 768-bits (256-bit AES +
512-bit HMAC)
SET KEY
The Set Key box enables users to change the current security configuration.
Changes can be applied to the current node only or to all the nodes in the Network
as specified by the Node List. Ensure all nodes are running the latest firmware
before making changes to the security configuration.
“Error: no security configuration” will be displayed if a node is booted without a key
set. An error will also be displayed if the key has been zeroized (see below).
The current key, if one is set, can be viewed by selecting “Display Key.” Since the
key is displayed in plaintext, view the key in a secure environment only. The “Display
Key” feature indicates the current Crypto Mode, Size, and Value of the key.