SL Multi-Channel Receiver DW Configuration of 802.1X Sennheiser electronic GmbH & Co. KG Am Labor 1, 30900 Wedemark, Germany, www.sennheiser.com AN 1267 v1.
Configuration of 802.1X SL Multi-Channel Receiver DW Contents Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Connecting to the SL Multi-Channel Receiver DW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . SSH Connection with PuTTy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuration of 802.1X SL Multi-Channel Receiver DW Prerequisites For the 802.1X configuration of the SpeechLine Multi-Channel Receiver (SL MCR DW) some tools are needed: • SSH client tool We recommend using the PuTTY SSH client or a standard command line SSH client. Any SSH client capable of openssh keys can be used. • SCP client tool We recommend using the PuTTY SCP tool or a standard command line SCP client.
Configuration of 802.1X SL Multi-Channel Receiver DW SSH Connection with PuTTy In PuTTY there are three options which need to be set. On the left you can navigate through the configuration categories. Under Session you can enter the IP address of the SL MCR DW. Choose SSH connection on port 22. For easy reuse, you can save the settings with the Save button. Under Connection -> SSH -> Auth you can choose authentication via key file. Please browse for the key file pnac_key.
Configuration of 802.1X SL Multi-Channel Receiver DW Under Connection -> Data enter pnac as Auto-login username. Now connect to the SL MCR DW by pressing the Open button. A new window opens and the connection to the SL MCR DW is established. Using username „pnac“. Authenticating with public key „imported-openssh-key“ No password is set for 802.1X configuration. New Password: Retype password: Since this is the first connection you are asked to set a new password. This password must be retyped.
Configuration of 802.1X SL Multi-Channel Receiver DW SSH connection with the command line tool For the command line SSH the options are entered as arguments. The call must be as follows. $ ssh -i identity_file user@hostname The -i option is followed by the path of the key file pnac_key. Note that this is not the file pnac_key.ppk which was used with PuTTY, but the file without file extension. It is the same key but in another file format. The public key pnac_key.
Configuration of 802.1X SL Multi-Channel Receiver DW PuTTY PSCP tool understands the same options and arguments, but the option -scp is needed. $ pscp.exe -scp -i identity_file file user@hostname: Since PuTTY PSCP also uses another key file format the -i option needs to be followed by the path of the key file pnac-ft_key.ppk. Example During configuration you are asked to upload a certificate authority list. Now upload a Certificate Authority (CA) list. After successful upload enter the filename here.
Configuration of 802.1X SL Multi-Channel Receiver DW Configuring 802.1X Setting your password On your first SSH connection you will be asked to set a password for subsequent connections. The password characters you enter will not be echoed, so it won’t be readable on the screen. No password is set for 802.1X configuration.
Configuration of 802.1X SL Multi-Channel Receiver DW Setting the system time Certificates have a validity period. Therefore, it is crucial for the SL MCR DW to have a correct system time. With the d command you can set the system time. We highly recommend checking the system time as the first step of the configuration to make sure this will not lead to a problem later in the process. Current date and time is: Tue Jul 9 06:06:44 UTC 2019 Do you want to change the date and time? [Y/n]: y Year (e.g.
Configuration of 802.1X SL Multi-Channel Receiver DW An example configuration might look like this. Please enter your identity: user@example.org Now upload a Certificate Authority (CA) list. After successful upload enter the filename here. Filename: ca.pem Verifying Certificate Authority (CA) list... issuer= /C=FR/ST=Radius/L=Somewhere/O=Example Inc./emailAddress=admin@example.org/CN=Example Certificate Authority Certificate Authority (CA) list is valid! Now upload your client certificate.
Configuration of 802.1X SL Multi-Channel Receiver DW EAP-PEAPv0/MSCHAPv2 For the EAP-PEAP authentication method, network clients need a certificate authority list with trusted certificates. The SL MCR DW supports certificates as per X.509 standard. PFX or PKCS#12 is currently not supported and must be converted before using them with the SL MCR DW. The client will later authenticate against the server with credentials. Welcome to the 802.1X configuration! Available commands: p - Print the current 802.
Configuration of 802.1X SL Multi-Channel Receiver DW Removing the 802.1X configuration If you wish to remove the configuration and all according files from the SL MCR DW, you can use the r command. There is no way to restore the information and files afterwards. Note that the r command will not remove your password for the SSH connection. Welcome to the 802.1X configuration! Available commands: p - Print the current 802.1X configuration. c - Step-by-step 802.1X configuration.