HP ProCurve Wireless Access Point 420 - Hewlett Packard

More documents

Recommendations

Info

Access Point Configuration Configuring Wireless Security network by requiring an 802.1x client application to submit user credentials for authentication. The 802.1x standard uses the Extensible Authentication Protocol (EAP) to pass user credentials (either digital certificates, usernames and passwords, or other) from the client to the RADIUS server. Client authentication is then verified on the RADIUS server before the access point grants client access to the network. The 802.1x EAP packets are also used to pass dynamic unicast session keys and static broadcast keys to wireless clients. Session keys are unique to each client and are used to encrypt and correlate traffic passing between a specific client and the access point. You can also enable broadcast key rotation, so the access point provides a dynamic broadcast key and changes it at a specified interval. MAC Address Filtering. Using MAC address filtering, you can configure the access point with a list of the MAC addresses of wireless clients that are authorized to access the network. This provides a basic level of authentication for wireless clients attempting to gain access to the network. A database of authorized MAC addresses can be stored locally on the access point or remotely on a central RADIUS server. Wi-Fi Protected Access (WPA). WPA employs a combination of several technologies to provide an enhanced security solution for 802.11 wireless networks. The access point supports the following WPA components and features: ■ IEEE 802.1x (802.1x) and the Extensible Authentication Protocol (EAP): WPA employs 802.1x as its basic framework for user authentication and dynamic key management. The 802.1x client and RADIUS server should use an appropriate EAP type—such as EAP-TLS (Transport Layer Security), EAP-TTLS (Tunneled TLS), or PEAP (Protected EAP)—for strongest authentication. Working together, these protocols provide “mutual authentication” between a client, the access point, and a RADIUS server that prevents users from accidentally joining a rogue network. Only when a RADIUS server has authenticated a user’s credentials will encryption keys be sent to the access point and client. Not e Implementing WPA on wireless clients requires a WPA-enabled network card driver and 802.1x client software that supports the EAP authentication type that you want to use. Windows XP provides native WPA support, other systems require additional software. 5-46 ■ Temporal Key Integrity Protocol (TKIP): WPA specifies TKIP as the data encryption method to replace WEP. TKIP avoids the problems of WEP static keys by dynamically changing data encryption keys. Basically,
Access Point Configuration Configuring Wireless Security TKIP starts with a master (temporal) key for each user session and then mathematically generates other keys to encrypt each data packet. TKIP provides further data encryption enhancements by including a message integrity check for each packet and a re-keying mechanism, which periodically changes the master key. ■ WPA Pre-Shared Key (PSK) Mode: For enterprise deployment, WPA requires a RADIUS authentication server to be configured on the wired network. However, for small office networks that may not have the resources to configure and maintain a RADIUS server, WPA provides a simple operating mode that uses just a pre-shared password for network access. The Pre-Shared Key mode uses a common password for user authentication that is manually entered on the access point and all wireless clients. The PSK mode uses the same TKIP packet encryption and key management as WPA in the enterprise, so it provides a robust and manageable alternative for small networks. ■ Mixed WPA and WEP Client Support: WPA enables the access point to indicate its supported encryption and authentication mechanisms to clients using its beacon signal. WPA-compatible clients can likewise respond to indicate their WPA support. This enables the access point to determine which clients are using WPA security and which are using legacy WEP. The access point uses TKIP unicast data encryption keys for WPA clients and WEP unicast keys for WEP clients. The global encryption key for multicast and broadcast traffic must be the same for all clients, therefore it restricts encryption to a WEP key. ■ Advanced Encryption Standard (AES) Support: WPA specifies AES encryption as an optional alternative to TKIP and WEP. AES provides very strong encryption using a completely different ciphering algorithm to TKIP and WEP. The developing IEEE 802.11i wireless security standard has specified AES as an eventual replacement for TKIP and WEP. However, because of the difference in ciphering algorithms, AES requires new hardware support in client network cards that is currently not widely available. The access point includes AES support as a future security enhancement. 5-47
Page 1 and 2:
HP ProCurve Wireless Access Point 4
Page 3 and 4:
Contents 1 Getting Started Contents
Page 5 and 6:
Modifying System Management Access
Page 7 and 8:
sntp-server date-time . . . . . . .
Page 9:
shutdown . . . . . . . . . . . . .
Page 12 and 13:
Getting Started Introduction 1-2 In
Page 14 and 15:
Getting Started Related Publication
Page 16 and 17:
Getting Started Sources for More In
Page 18 and 19:
Getting Started Need Only a Quick S
Page 20 and 21:
Selecting a Management Interface Ov
Page 22 and 23:
Selecting a Management Interface Ad
Page 24 and 25:
Using the Command Line Interface (C
Page 26 and 27:
Page 28 and 29:
Page 30 and 31:
Page 32 and 33:
Page 34 and 35:
Page 36 and 37:
Using the HP Web Browser Interface
Page 38 and 39:
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Page 52 and 53: Using the HP Web Browser Interface
Page 58 and 59: Access Point Configuration Overview
Page 60 and 61: Access Point Configuration Modifyin
Page 66 and 67: Access Point Configuration Configur
Page 74 and 75: Access Point Configuration Enabling
Page 76 and 77: Access Point Configuration Enabling
Page 88 and 89: Access Point Configuration Setting
Page 124 and 125: Command Line Reference Overview 6-2
Page 126 and 127: Command Line Reference General Comm
Page 128 and 129: Command Line Reference General Comm
Page 130 and 131: Command Line Reference System Manag
Page 148 and 149: Command Line Reference SNMP Command
Page 150 and 151: Command Line Reference SNMP Command
Page 152 and 153:
Command Line Reference Flash/File C
Page 154 and 155:
Command Line Reference Flash/File C
Page 156 and 157:
Command Line Reference RADIUS Clien
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Command Line Reference 802.1x Port
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Command Line Reference Filtering Co
Page 172 and 173:
Command Line Reference Filtering Co
Page 174 and 175:
Command Line Reference Interface Co
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Command Line Reference VLAN Command
Page 202 and 203:
Command Line Reference VLAN Command
Page 204 and 205:
File Transfers Overview A-2 Overvie
Page 206 and 207:
File Transfers Downloading Access P
Page 208 and 209:
File Transfers Downloading Access P
Page 210 and 211:
File Transfers Transferring Configu
Page 212 and 213:
File Transfers Transferring Configu
Page 214 and 215:
P password … 4-7, 4-8 administrat
show all

HP ProCurve Wireless Access Point 420 - Hewlett Packard

Create successful ePaper yourself

Delete template?

Save as template?