User's Manual

ManualsBrandsZyXEL ManualsSoftwareCommunications Network Router NOT AVAILABLE

Chapter 9 Wireless LAN Profiles

NXC CLI Reference Guide

mac-auth delimiter calling-station-id

{colon | dash | none}

Select the separator the external server uses for the pairs

in MAC addresses in the Calling Station ID RADIUS

attribute.

mode {none | wep | wpa | wpa2 | wpa2-

mix}

Sets the security mode for this profile.

wep <64 | 128> default-key <1..4> Sets the WEP encryption strength (64 or 128) and the

default key value (1 ~ 4).

If you select WEP-64 enter 10 hexadecimal digits in the

range of “A-F”, “a-f” and “0-9” (for example,

0x11AA22BB33) for each Key used; or enter 5 ASCII

characters (case sensitive) ranging from “a-z”, “A-Z” and

“0-9” (for example, MyKey) for each Key used.

If you select WEP-128 enter 26 hexadecimal digits in the

range of “A-F”, “a-f” and “0-9” (for example,

0x00112233445566778899AABBCC) for each Key used;

or enter 13 ASCII characters (case sensitive) ranging

from “a-z”, “A-Z” and “0-9” (for example,

MyKey12345678) for each Key used.

You can save up to four different keys. Enter the

default-key (1 ~ 4) to save your WEP to one of those

four available slots.

wep-auth-type {open | share} Sets the authentication key type to either open or share.

wpa-encrypt {tkip | aes | auto} Sets the WPA/WPA2 encryption cipher type.

auto: This automatically chooses the best available

cipher based on the cipher in use by the wireless client

that is attempting to make a connection.

tkip: This is the Temporal Key Integrity Protocol

encryption method added later to the WEP encryption

protocol to further secure. Not all wireless clients may

support this.

aes: This is the Advanced Encryption Standard

encryption method, a newer more robust algorithm than

TKIP Not all wireless clients may support this.

wpa-psk {wpa_key | wpa_key_64} Sets the WPA/WPA2 pre-shared key.

[no] wpa2-preauth Enables pre-authentication to allow wireless clients to

switch APs without having to re-authenticate their

network connection. The RADIUS server puts a

temporary PMK Security Authorization cache on the

wireless clients. It contains their session ID and a pre-

authorized list of viable APs.

Use the no parameter to disable this.

[no] reauth <30..30000> Sets the interval (in seconds) between authentication

requests.

The default is 0.

idle <30..30000> Sets the idle interval (in seconds) that a client can be idle

before authentication is discontinued.

The default is 300.

group-key <30..30000> Sets the interval (in seconds) at which the AP updates the

group WPA/WPA2 encryption key.

The default is 1800.

[no] dot1x-eap Enables 802.1x secure authentication. Use the no

parameter to disable it.

Table 35 Command Summary: Security Profile (continued)

COMMAND DESCRIPTION