User Guide

Radio Interface
CLI Commands for WPA Over 802.1X Security – First set 802.1X to required using
the 802.1X command and set the 802.1X key refresh rates. Then, from the 802.11g
interface configuration mode, use the vap command to access each VAP interface to
configure other security settings.
From the VAP interface configuration mode, use the authentication command to
select open system authentication and the encryption command to enable data
encryption. Use the wpa-clients command to set WPA to be required or supported
for clients. Use the wpa-mode command to enable WPA dynamic keys over 802.1X.
Set the broadcast and multicast key encryption using the multicast-cipher
command. To view the current security settings use the show interface
wireless g 0 command (not shown in example).
Configuring 802.1X
IEEE 802.1X is a standard framework for network access control that uses a central
RADIUS server for user authentication. This control feature prevents unauthorized
access to the network by requiring an 802.1X client application to submit user
credentials for authentication. The 802.1X standard uses the Extensible
Authentication Protocol (EAP) to pass user credentials (either digital certificates,
user names and passwords, or other) from the client to the RADIUS server. Client
authentication is then verified on the RADIUS server before the access point grants
client access to the network.
The 802.1X EAP packets are also used to pass dynamic unicast session keys and
static broadcast keys to wireless clients. Session keys are unique to each client and
are used to encrypt and correlate traffic passing between a specific client and the
access point. You can also enable broadcast key rotation, so the access point
provides a dynamic broadcast key and changes it at a specified interval.
Enterprise AP(config)#interface wireless g
Enter Wireless configuration commands, one per line.
Enterprise AP(if-wireless g)#vap 0
Enterprise AP(if-wireless g: VAP[0])#802.1X required
Enterprise AP(if-wireless g: VAP[0])#802.1X broadcast-key-refresh-rate 5
Enterprise AP(if-wireless g: VAP[0])#802.1X session-key-refresh-rate 5
Enterprise AP(if-wireless g: VAP[0])#802.1X session-timeout 300
Enterprise AP(if-wireless g: VAP[0])#authentication open
Enterprise AP(if-wireless g: VAP[0])#encryption
Enterprise AP(if-wireless g: VAP[0])#wpa-clients required
Enterprise AP(if-wireless g: VAP[0])#multicast-cipher TKIP
Enterprise AP(if-wireless g: VAP[0])#
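
The following audit script is an added example, not part of the original guide or the vendor's tooling. It reads a saved CLI session and reports, per VAP, which of the WPA-over-802.1X steps listed above were not applied. It assumes one command per line in the prompt format shown in the example session; the function names and the VAP 1 sample are constructed for illustration. The wpa-mode step does not appear in the example session, so it is flagged for VAP 0.

```python
import re

# Prompt format as printed in the guide's example session.
PROMPT = re.compile(r"\(if-wireless g: VAP\[(\d+)\]\)#\s*(\S.*)$")
SUBKEYS = {"broadcast-key-refresh-rate", "session-key-refresh-rate", "session-timeout"}
# Values the procedure calls for, and commands it says must be issued.
REQUIRED_VALUE = {"802.1x": ["required"], "authentication": ["open"],
                  "wpa-clients": ["required"]}
MUST_BE_SET = ["broadcast-key-refresh-rate", "session-key-refresh-rate",
               "encryption", "wpa-mode", "multicast-cipher"]

def effective_settings(transcript):
    """Return {vap: {setting: args}}; a later command overrides an earlier one."""
    vaps = {}
    for line in transcript.splitlines():
        m = PROMPT.search(line)
        if not m:
            continue  # not a command typed at a VAP prompt
        tokens = m.group(2).lower().split()
        name, rest = tokens[0], tokens[1:]
        if name == "802.1x" and rest and rest[0] in SUBKEYS:
            name, rest = rest[0], rest[1:]  # track each 802.1X parameter separately
        vaps.setdefault(int(m.group(1)), {})[name] = rest
    return vaps

def audit(transcript):
    """Return {vap: [findings]} measured against the steps the guide lists."""
    report = {}
    for vap, s in effective_settings(transcript).items():
        findings = [f"{k} is not '{v[0]}'" for k, v in REQUIRED_VALUE.items() if s.get(k) != v]
        findings += [f"{k} is not set" for k in MUST_BE_SET if k not in s]
        report[vap] = findings
    return report

def session(vap, commands):
    """Build constructed session lines in the guide's prompt format."""
    return [f"Enterprise AP(if-wireless g: VAP[{vap}])#{c}" for c in commands]

# Constructed sample: VAP 0 repeats the guide's example commands; VAP 1 is made up.
SAMPLE = "\n".join(
    session(0, ["802.1X required", "802.1X broadcast-key-refresh-rate 5",
                "802.1X session-key-refresh-rate 5", "802.1X session-timeout 300",
                "authentication open", "encryption", "wpa-clients required",
                "multicast-cipher TKIP", ""])
    + session(1, ["802.1X required", "802.1X session-key-refresh-rate 5",
                  "authentication open", "encryption", "wpa-clients supported",
                  "multicast-cipher TKIP"]))

if __name__ == "__main__":
    for vap, findings in audit(SAMPLE).items():
        print(f"VAP {vap}:", findings or "matches the guide's procedure")
```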