beautypg.com

Enterprise security, Table 14, Wpa2-personal (psk) ascii psk configuration – B&B Electronics WLNN-AN(ER,SE,SP.EK)-DP551 - Manual User Manual

Page 59: Table 15, 5 enterprise security

background image

Airborne Enterprise CLI Reference Manual

59

WPA2 implements the mandatory elements of the IEEE 802.11i standard and
replaces TKIP with AES-CCMP encryption and is considered fully secure at this
time. WPA2 has two configurations: Personal and Enterprise. WPA2-Personal
utilizes the same Pre-Shared Key (PSK) as supported by WPA, but uses AES-
CCMP instead of TKIP.

The implementation of WPA2-Personal follows very closely the WPA example, in
fact to the user the configuration is identical, and the underlying security
improvements are hidden by the device. The device supports both ASCII string
and pre-calculated hex keys as valid input, a description of the configuration
requirements can be seen in Table 14 and Table 15.

Table 14 - WPA2-Personal (PSK) ASCII PSK Configuration

Command

Description

wl-security wpa2-psk

Defines WPA2 with a Preshared Key (PSK).

pw-wpa-psk password

Defines the preshared key used by the module
and must match the same PSK passphrase

used by the AP.

Must be 8-63 ASCII characters long and cannot
include spaces.

Table 15 - WPA2-Personal (PSK) Precalculated Key Configuration

Command

Description

wl-security wpa2-psk

Defines WPA2 with a Preshared Key (PSK).

pre-calc-psk password

Defines the precalculated hex key used by the

AP. Must be 64 ASCII Hex digits long.

10.5 Enterprise Security

Enterprise supports a set of EAP (802.1x) protocols to provide the highest level
of security available for 802.11 implementations. As defined by the WiFi Alliance,
any product claiming WPA-Enterprise or WPA2-Enterprise capability should
support the following group of EAP processes:

 EAP-TLS (Mandatory)

 PEAPv0/EAP-MSCHAPv2

 PEAPv1/EAP-GTC

 EAP-TTLS/MSCHAPv2

 EAP-SIM

Since all but the EAP-TLS are optional, many companies claim WPA2-Enterprise
compliance with minimal support (EAP-TLS only). Since there is no requirement
from the WiFi Alliance to make the implementation of the security standards
user-friendly, it is not always the case that configuring an embeddable WiFi
device for these advanced security methods is easy, let alone possible. The B&B
Electronics module supports all EAP processes except PEAPv1 and EAP-SIM.

The modules support WPA (TKIP) and WPA2 (AES-CCMP) encryption without
requiring separate configuration of the EAP process type.

See also other documents in the category B&B Electronics Accessories communication: