User manual
General Concepts 14
Doc.Id. HMSI-27-205
Anybus Wireless Bridge - Ethernet to WLAN
Doc.Rev. 1.30
Key Management
For WEP64 and WEP128, shared keys can be entered in all four possible slots made available by the
AT*AGFPWI Write Encryption/Authentication Key (with Index) command. However, for LEAP,
PEAP and WPA/WPA2 PSK, the password or PSK must be entered in the key slot with index 1 (one).
This key must also be the one currently set as active by the AT*AGAFP Active Encryption/Authenti-
cation Key command.
If using LEAP or PEAP, the username for the Radius server should be entered with the command
AT*AGUN Username, and the domain with command AT*AGDN. For PEAP, the certificate must
also be considered. When receiving the certificate from the Radius server, the SHA-1 fingerprint is cal-
culated and stored in the WEPA for future comparisons. If the certificate changes, or if a different Ra-
dius server is to be used, the new fingerprint must be entered, or the old must be cleared with the
command AT*AGCFP.
If using WPA/WPA2 PSK, it is possible to enter either the preshared key (i.e. the hexadecimal string)
or the password (plain-text), commonly referred to as “WPA-PSK” or “WPA-PWD”. When entering a
password (not a hexadecimal string), the Wireless Bridge will take a few seconds longer during the next
connection after this change, in order to deduce the real key from the password. The module will be
unresponsive while calculating the real key.
By default, the key is entered as an ASCII string. To enter a hexadecimal key, the bytes must be escaped
with the '\' character, e.g. to enter the string "12345" as hexadecimal, the following would be entered:
"\31\32\33\34\35"