TL-WPA2220V1MACPowerlineScanUtility. The first example shows how to configure WPA 2 in enterprise mode, and the second example configures WPA 2 in personal mode.Wireless powerline utility release for TL-WPA2220. The document provides two configuration examples on how to implement WPA 2 on a WLAN.
Wpa Config Software And HardwareYou must use the ADU with CB21AG and PI21AG cards, and you must use the Aironet Client Utility (ACU) all other Aironet client adapters. Enter the WPA key (password) displayed on the TV screen, then tap Join.Ensure that you have basic knowledge of these topics before you attempt this configuration:Note: Refer to Cisco Aironet Wireless LAN Security Overview for information on Cisco WLAN security solutions.The information in this document is based on these software and hardware versions:Cisco Aironet 1310G Access Point (AP)/Bridge that runs Cisco IOS® Software Release 12.3(2)JAAironet 802.11a/b/g CB21AG Client Adapter that runs firmware 2.5Aironet Desktop Utility (ADU) that runs firmware 2.5Note: The Aironet CB21AG and PI21AG client adapter software is incompatible with other Aironet client adapter software. Prerequisites RequirementsBravia TVs receive software updates by default, so all you should have to do is. Note: WPA works with Extensible Authentication Protocol (EAP).All of the devices used in this document started with a cleared (default) configuration. For information on the AP/bridge models that come with internal or external antennas, refer to the ordering guide/product guide of the appropriate device.The information in this document was created from the devices in a specific lab environment. Certain AP/bridge models come with integrated antennas, whereas others need an external antenna for general operation. Otherwise, the AP/bridge is unable to connect to the wireless network. If you use an AP/bridge which requires an external antenna, ensure that the antennas are connected to the AP/bridge.WPA 2 implements the National Institute of Standards and Technology (NIST)-recommended Advanced Encryption Standard (AES) encryption algorithm with the use of Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). WPA 2 is the Wi-Fi Alliance interoperable implementation of the ratified IEEE 802.11i standard. WPA addresses all known Wired Equivalent Privacy (WEP) vulnerabilities in the original IEEE 802.11 security implementation and brings an immediate security solution to WLANs in both enterprise and small office, home office (SOHO) environments.WPA 2 is the next generation of Wi-Fi security. WPA provides enhanced data protection and access control for WLAN systems. Background InformationWPA is a standard-based security solution from the Wi-Fi Alliance that addresses the vulnerabilities in native WLANs. ConventionsRefer to Cisco Technical Tips Conventions for more information on document conventions.![]() ![]() Ultimately, every packet that is sent over the air is encrypted with a unique key. The encryption keys that are used for each client on the network are unique and specific to that client. WPA 2 creates fresh session keys on every association. TKIP is the encryption algorithm that WPA uses. The CCMP algorithm produces a message integrity code (MIC) that provides data origin authentication and data integrity for the wireless frame.Note: CCMP is also referred to as CBC-MAC.WPA 2 offers a higher level of security than WPA because AES offers stronger encryption than Temporal Key Integrity Protocol (TKIP). Use citra emulator 2019 macWPA 2 Support with Cisco Aironet EquipmentAironet 1130AG AP series and 1230AG AP seriesNote: Equip these APs with 802.11g radios and use Cisco IOS Software Release 12.3(2)JA or later.Aironet 1200 series radio modules with the part numbers AIR-RM21A and AIR-RM22ANote: The Aironet 1200 radio module with the part number AIR-RM20A does not support WPA 2.Aironet 802.11a/b/g Client Adapters with firmware version 2.5Note: Cisco Aironet 350 series products do not support WPA 2 because their radios lack AES support.Note: Cisco Aironet 1400 Series Wireless Bridges do not support WPA 2 or AES. However, Cisco recommends that customers transition to WPA 2 as soon as possible.WPA and WPA 2 both support two modes of operation:This document discusses the implementation of these two modes with WPA 2. WPA is still considered secure and TKIP has not been broken. The second phase is 802.1x authentication with one of the EAP methods. Configuration of open authentication occurs in the first phase. WPA 2 in enterprise mode performs authentication in two phases. The 802.1x is considered to be more secure than any of the legacy authentication frameworks because of its flexibility in support of a variety of authentication mechanisms and stronger encryption algorithms. Key management occurs with the use of WPA 2, on which AES-CCMP encryption is configured. Network SetupIn this setup, an Aironet 1310G AP/Bridge that runs Cisco Lightweight Extensible Authentication Protocol (LEAP) authenticates a user with a WPA 2-compatible client adapter. With WPA 2, the server generates the PMK dynamically and passes the PMK to the AP.This section discusses the configuration that is necessary to implement WPA 2 in the enterprise mode of operation. Excel 2011 for mac updateRefer to Configuring VLANs for more information on how to implement VLANs.Choose Security > Local Radius Server and complete these steps:Click the General Set-Up tab located at the top of the window.Check the LEAP check box and click Apply.In the Network Access Servers area, define the IP address and shared secret of the RADIUS server.For the local RADIUS server, use the IP address of the AP.Scroll down the General Set-Up window to the Individual Users area and define the individual users.The definition of the user groups is optional.This configuration defines a user with the name "user1" and a password. If you define VLANs, client devices that associate with use of this SSID are grouped into the VLAN. Use the ports 18 for local RADIUS server operation.In the Default Server Priorities area, define the default EAP authentication priority as 10.0.0.1.Note: 10.0.0.1 is the local RADIUS server.Choose Security > Encryption Manager from the menu on the left and complete these steps:This option enables AES encryption with the use of Counter Mode with CBC-MAC.Choose Security > SSID Manager and create a new Service Set Identifier (SSID) for use with WPA 2.Check the Network EAP check box in the Authentication Methods Accepted area.Note: Use these guidelines when you configure the authentication type on the radio interface:Third-party clients (which include Cisco Compatible Extensions -compliant products)—Use Open Authentication with EAP.A combination of both Cisco and third-party clients—Choose both Network EAP and Open Authentication with EAP.Scroll down the Security SSID Manager window to the Authenticated Key Management area and complete these steps:From the Key Management menu, choose Mandatory.Note: The definition of VLANs is optional. Configure the APComplete these steps to configure the AP using GUI:Configure the AP as a local RADIUS server that runs LEAP authentication.Choose Security > Server Manager in the menu on the left and define the IP address, ports, and shared secret of the RADIUS server.Because this configuration configures the AP as a local RADIUS server, use the IP address of the AP. The sections Configure the AP and Configure the Client Adapter show the configuration on the AP and the client adapter. You must configure the client adapter and the AP in order to implement this setup. CLI Configuration Access PointAaa new-model !- This command reinitializes the authentication, !- authorization and accounting functions.Server 10.0.0.1 auth-port 1812 acct-port 1813 !- A server group for RADIUS is created called "rad_eap" !- that uses the server at 10.0.0.1 on ports 18.Aaa authentication login eap_methods group rad_eap !- Authentication is to be done for !- users in a group called "eap_methods" who use server group "rad_eap". The next step is to configure the client adapter. After completion of the procedure in this section, the AP is ready to accept authentication requests from clients.
0 Comments
Leave a Reply. |
AuthorTyrazz ArchivesCategories |