[. . . ]

USER GUIDE
SMC2555W-AG2
EliteConnect™ Universal 802.11a/g 2.4GHz/5GHz Wireless Access Point

EliteConnect™ SMC2555W-AG2
Universal 2.4GHz/5GHz Wireless Dual-Band Access Point
The easy way to make all your network connections

20 Mason
Irvine, CA 92618
Phone: (949) 679-8000

October 2008
Pub. # 149100033500E
E102008-AP-R03

Information furnished by SMC Networks, Inc. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice.

[. . . ]

· WPA2: Clients using WPA2 over 802.1X are accepted for authentication.
· WPA2-PSK: Clients using WPA2 with a Pre-shared Key are accepted for authentication.
· WPA-WPA2-mixed: Clients using WPA or WPA2 over 802.1X are accepted for authentication.
· WPA-WPA2-PSK-mixed: Clients using WPA or WPA2 with a Pre-shared Key are accepted for authentication.

WPA Configuration – Each VAP interface can be configured to allow only WPA-enabled clients to access the network (Required), or to allow access to both WPA and WEP clients (Supported). (Default: Required)

Cipher Suite – Selects an encryption method for the global key used for multicast and broadcast traffic, which is supported by all wireless clients. You should select WEP only when both WPA and WEP clients are supported.

· AES-CCMP: AES-CCMP is used as the multicast encryption cipher.

WPA Pre-Shared Key Type – If the WPA or WPA2 pre-shared-key mode is used, all wireless clients must be configured with the same key to communicate with the access point.

· Hexadecimal – Enter a key as a string of 64 hexadecimal numbers.
· Alphanumeric – Enter a key as an easy-to-remember form of letters and numbers. The string must be from 8 to 63 characters, which can include spaces.
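
Both key types end up as the same kind of 256-bit key: a 64-character hexadecimal entry is the key itself, while an 8 to 63 character passphrase is stretched into one with the standard WPA/WPA2 mapping (PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID). The following is an added example, not part of the SMC guide; the function names and the SSID are illustrative, and the mapping and the 20-character advice come from IEEE 802.11i rather than from this guide.

```python
import hashlib
import string

HEX_KEY_LEN = 64              # Hexadecimal key type: 64 hex characters = 256 bits
PASS_MIN, PASS_MAX = 8, 63    # Alphanumeric key type: 8 to 63 characters


def classify_key(key: str) -> str:
    """Return 'hex' or 'alphanumeric'; raise ValueError if the key fits neither type."""
    if len(key) == HEX_KEY_LEN and all(c in string.hexdigits for c in key):
        return "hex"
    # 802.11i limits passphrase characters to printable ASCII (codes 32-126).
    if PASS_MIN <= len(key) <= PASS_MAX and all(32 <= ord(c) <= 126 for c in key):
        return "alphanumeric"
    raise ValueError(f"key of length {len(key)} fits neither key type")


def derive_psk(passphrase: str, ssid: str) -> str:
    """Standard mapping: PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32 bytes."""
    if classify_key(passphrase) != "alphanumeric":
        raise ValueError("not an 8-63 character passphrase")
    raw = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                              ssid.encode("utf-8"), 4096, 32)
    return raw.hex()


def review_key(key: str, ssid: str) -> dict:
    """Classify a key, compute the 256-bit PSK it yields, and collect warnings."""
    kind = classify_key(key)
    warnings = []
    if kind == "hex":
        psk = key.lower()
    else:
        psk = derive_psk(key, ssid)
        # 802.11i notes that passphrases under about 20 characters deter little.
        if len(key) < 20:
            warnings.append("passphrase shorter than 20 characters")
    return {"type": kind, "psk": psk, "warnings": warnings}


if __name__ == "__main__":
    # Constructed inputs: the passphrase from the guide's CLI example and a made-up SSID.
    print(review_key("agoodsecret", "ExampleSSID"))
```

Because the SSID is the salt, the same passphrase yields a different key on every differently named network, and a 64-character hexadecimal key bypasses the passphrase mapping entirely.
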
The configuration settings for WPA are summarized below:

Table 6-4. WPA Configuration Settings

WPA and WPA2 pre-shared key only
    Encryption: Enabled
    Authentication Setup: WPA-PSK, WPA2-PSK, or WPA-WPA2-mixed
    Cipher Suite: WEP/TKIP/AES-CCMP
    WPA Pre-shared Key Type: Hex/ASCII

WPA and WPA2 over 802.1X
    Encryption: Enabled
    Authentication Setup: WPA, WPA2, WPA-WPA2-mixed
    Cipher Suite: WEP/TKIP/AES-CCMP
    (requires RADIUS server to be specified)

1: You must enable data encryption in order to enable all types of encryption in the access point. Select AES only if all clients support AES.

CLI Commands for WPA Using Pre-shared Key Security – From the VAP interface configuration mode, use the auth wpa-psk required command to enable WPA Pre-shared Key security. To enter a key value, use the wpa-pre-shared-key command to specify a hexadecimal or alphanumeric key. To view the current security settings, use the show interface wireless a 0 or show interface wireless g 0 command (not shown in example).

    Enterprise AP(config)#interface wireless g
    Enter Wireless configuration commands, one per line.
    Enterprise AP(if-wireless g)#vap 0
    Enterprise AP(if-wireless g: VAP[0])#wpa-pre-shared-key passphrase-key agoodsecret
    Enterprise AP(if-wireless g: VAP[0])#auth wpa-psk required
    Data Encryption is set to Enabled.
    Enterprise AP(if-wireless g: VAP[0])#

CLI Commands for WPA Over 802.1X Security – From the VAP interface configuration mode, use the auth wpa required command to select WPA over 802.1X security. To view the current security settings, use the show interface wireless a 0 or show interface wireless g 0 command (not shown in example).

    Enterprise AP(config)#interface wireless g
    Enter Wireless configuration commands, one per line.
    Enterprise AP(if-wireless g)#vap 0
    Enterprise AP(if-wireless g: VAP[0])#auth wpa required
    Data Encryption is set to Enabled.
    Enterprise AP(if-wireless g: VAP[0])#802.1X broadcast-key-refresh-rate 5
    Enterprise AP(if-wireless g: VAP[0])#802.1X session-key-refresh-rate 5
    Enterprise AP(if-wireless g: VAP[0])#802.1X session-timeout 300
    Enterprise AP(if-wireless g: VAP[0])#

Configuring 802.1X

IEEE 802.1X is a standard framework for network access control that uses a central RADIUS server for user authentication. This control feature prevents unauthorized access to the network by requiring an 802.1X client application to submit user credentials for authentication.

[. . . ]

AES provides very strong encryption using a completely different ciphering algorithm to TKIP and WEP.

Authentication
The process to verify the identity of a client requesting network access. IEEE 802.11 specifies two forms of authentication: open system and shared key.

Backbone
The core infrastructure of a network. The portion of the network that transports information from one central location to another central location where it is unloaded onto a local system.

Basic Service Set (BSS)
A set of 802.11-compliant stations and an access point that operate as a fully-connected wireless network.

Beacon
A signal periodically transmitted from the access point that is used to identify the service set, and to maintain contact with wireless clients.

Broadcast Key
Broadcast keys are sent to stations using 802.1X dynamic keying. Dynamic broadcast key rotation is often used to allow the access point to generate a random group key and periodically update all key-management capable wireless clients.

CSMA/CA
Carrier Sense Multiple Access with Collision Avoidance.

Dynamic Host Configuration Protocol (DHCP)
Provides a framework for passing configuration information to hosts on a TCP/IP network.

[. . . ]