Configuring 802.1x – SMC Networks SMC2552W-G2-17 User Manual
Page 126
Radio Interface
6-79
6
CLI Commands for WPA Over 802.1X Security – First set 802.1X to required using
the 802.1X command and set the 802.1X key refresh rates. Then 802.11g interface
configuration mode, use the vap command to access each VAP interface to
configure other security settings.
From the VAP interface configuration mode, use the authentication command to
select open system authentication and the encryption command to enable data
encryption. Use the wpa-clients command to set WPA to be required or supported
for clients. Use the wpa-mode command to enable WPA dynamic keys over 802.1X.
Set the broadcast and multicast key encryption using the multicast-cipher
command. To view the current security settings use the show interface
wireless g 0
command (not shown in example).
Configuring 802.1X
IEEE 802.1X is a standard framework for network access control that uses a central
RADIUS server for user authentication. This control feature prevents unauthorized
access to the network by requiring an 802.1X client application to submit user
credentials for authentication. The 802.1X standard uses the Extensible
Authentication Protocol (EAP) to pass user credentials (either digital certificates,
user names and passwords, or other) from the client to the RADIUS server. Client
authentication is then verified on the RADIUS server before the access point grants
client access to the network.
The 802.1X EAP packets are also used to pass dynamic unicast session keys and
static broadcast keys to wireless clients. Session keys are unique to each client and
are used to encrypt and correlate traffic passing between a specific client and the
access point. You can also enable broadcast key rotation, so the access point
provides a dynamic broadcast key and changes it at a specified interval.
Enterprise AP(config)#interface wireless g
Enter Wireless configuration commands, one per line.
Enterprise AP(if-wireless g)#vap 0
Enterprise AP(if-wireless g: VAP[0])#802.required
Enterprise AP(if-wireless g: VAP[0])#802.1X
broadcast-key-refresh-rate 5
Enterprise AP(if-wireless g: VAP[0])#802.1X
session-key-refresh-rate 5
Enterprise AP(if-wireless g: VAP[0])#802.1X session-timeout 300
Enterprise AP(if-wireless g: VAP[0])#authentication open
Enterprise AP(if-wireless g: VAP[0])#encryption
Enterprise AP(if-wireless g: VAP[0])#wpa-clients required
Enterprise AP(if-wireless g: VAP[0])#multicast-cipher TKIP
Enterprise AP(if-wireless g: VAP[0])#