Configuring security settings, Configuring security settings -24 – HP ProCurve 520wl Wireless Access Point User Manual
Page 37
Other Security Configuration Settings
2-24
Upon receiving a reply EAP packet from the RADIUS, the message is typically forwarded to the client PC, after translating it
back to the EAPOL format. Negotiations take place between the client PC and the RADIUS server. After the client has been
successfully authenticated, the client PC receives an encryption key from the WL520 (if the EAP type supports automatic key
distribution). The client uses this key to encrypt data after it has been authenticated. For 802.11a, each client receives its own
unique encryption key; this is known as Per User Per Session Encryption keys. (This feature is only available when using 802.1x
mode; it is not available when in Mixed mode or using WEP encryption only).
configuring security settings
configuring security settings
configuring security settings
configuring security settings
Click the 802.1x tab in the
Security Configuration
screen to set the 802.1x security mode for the WL520. (Note that the
configuration settings for standard encryption (that does not use 802.1x) are located on the Encryption page.) The WL520
software offers four security settings:
1. No security or encryption
No security or encryption
No security or encryption
No security or encryption
Set the 802.1x Security Mode to
none
none
none
none
on the 802.1x page and disable Encryption for both interface cards on the
Encryption page.
2. WEP encryption only on one or both wireless interfaces
WEP encryption only on one or both wireless interfaces
WEP encryption only on one or both wireless interfaces
WEP encryption only on one or both wireless interfaces
WEP encryption is the wireless equivalent of the security level available through a wired network. Select the 802.1x
Security Mode to
none
none
none
none
on the 802.1x page. Click the Encryption
Encryption
Encryption
Encryption tab and
enable
enable
enable
enable
the Encryption status for one or both
wireless PC Cards. The available Encryption Key Length varies based on the card type. See
3. 802.1x security (requires RADIUS server authentication)
802.1x security (requires RADIUS server authentication)
802.1x security (requires RADIUS server authentication)
802.1x security (requires RADIUS server authentication)
When you decide to use the 802.1x security mode, you must first configure the RADIUS server to receive an
authentication response (see
RADIUS Authentication Settings
for information on the server settings). Your computer
operating system must also be configured to receive and send authenticated packets. Then, set 802.1x Security Mode
802.1x Security Mode
802.1x Security Mode
802.1x Security Mode
to 802.1x. In addition, you must select an Encryption Key Length
Encryption Key Length
Encryption Key Length
Encryption Key Length for each wireless interface (key size varies based on
card type) and a Re-keying Interval. The rekey feature determines how often your encryption key is changed (the
interval between changes) and can be set to any value between 60 - 65535 seconds. Rekeying frustrates hacking
attempts without taxing system resources. Setting a fairly frequent rekey value (900 seconds=15 minutes) effectively
protects against intrusion without disrupting network activities. For detailed configuration steps, see
WL520 using 802.1x Security Mode
.
4. Mixed mode with 802.1x and WEP encryption
Mixed mode with 802.1x and WEP encryption
Mixed mode with 802.1x and WEP encryption
Mixed mode with 802.1x and WEP encryption
Mixed mode supports both 802.1x and WEP encryption simultaneously. To use this option, set 802.1x Security Mode
802.1x Security Mode
802.1x Security Mode
802.1x Security Mode
to Mixed and configure the 802.1x settings (Encryption Key Length and Re-keying interval), Encryption settings
(enable Encryption and enter key 1), and RADIUS server settings. For Encryption settings, enable Encryption on the
required interfaces and enter key 1 (keys 2-4 are not required).
NOTE:
In Mixed mode, when entering Encryption Key 1
Encryption Key 1
Encryption Key 1
Encryption Key 1 on the Encryption page, you must use the same size key that you
configured for Encryption Key Length
Encryption Key Length
Encryption Key Length
Encryption Key Length on the 802.1x page.
setting up the wl520 using 802.1x security mode
setting up the wl520 using 802.1x security mode
setting up the wl520 using 802.1x security mode
setting up the wl520 using 802.1x security mode
1. In the Web Interface, click the
Configure
Configure
Configure
Configure
button and select the
Security
Security
Security
Security
tab.
2. Select the
802.1x
802.1x
802.1x
802.1x
tab. Set the
802.1x Security Mode
802.1x Security Mode
802.1x Security Mode
802.1x Security Mode
to 802.1x
802.1x
802.1x
802.1x or Mixed
Mixed
Mixed
Mixed and click
OK
OK
OK
OK
.
NOTE:
Ignore the reboot message - this can be done when the entire procedure is finished.
3. Select the
RADIUS
RADIUS
RADIUS
RADIUS
tab and the
Radius Auth
Radius Auth
Radius Auth
Radius Auth
sub-tab.
4. Enable the Primary RADIUS server. (You must specify information for at least the Primary RADIUS server. The Backup
RADIUS server is optional.)
5. Enter an
Authorization Lifetime
Authorization Lifetime
Authorization Lifetime
Authorization Lifetime
(the length of time, in seconds, that can elapse before a client session is automatically
re-authenticated). Range is 60 - 43200 seconds (in 60 sec increments); default is 900 sec.
6. Select a
Server Addressing Format
Server Addressing Format
Server Addressing Format
Server Addressing Format
(either name or IP address). Use a server name only if you have enabled the DNS
Client functionality. See
.
7. Enter the Server Name or IP Address for the Primary RADIUS server.
8. Enter the
Destination Port
Destination Port
Destination Port
Destination Port
. The default is 1812, however your RADIUS server provider may have another
communication port defined.
9. Enter the RADIUS server password in the
Shared Secret
Shared Secret
Shared Secret
Shared Secret
and
Confirm Shared Secret
Confirm Shared Secret
Confirm Shared Secret
Confirm Shared Secret
fields.
10. Configure the
Response Time
Response Time
Response Time
Response Time
(the maximum time, in seconds, to wait for the RADIUS server to respond to a request)
and
Maximum Retransmission
Maximum Retransmission
Maximum Retransmission
Maximum Retransmission
(the maximum number of times a request may be retransmitted) values.
11. Reboot the WL520 device for these changes to take effect.