36
• MSR3600-51F.
Configuring WLAN security
Configuration task list
To configure WLAN security in a service template, map the service template to a radio policy, and
add radios to the radio policy. The SSID name, advertisement setting (beaconing), and encryption
settings are configured in the service template. You can configure an SSID to support any
combination of WPA, RSN, and Pre-RSN clients
Task Remarks
Enabling an authentication method Required
Configuring the PTK lifetime Optional
Configuring the GTK rekey method Optional
Configuring security IE Required
Configuring cipher suite Required
Configuring port security Optional
Enabling an authentication method
You can enable open system or shared key authentication or both.
To enable an authentication method:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter WLAN service
template view.
wlan service-template
service-template-number
crypto
N/A
3. Enable the authentication
method.
authentication-method
{
open-system
|
shared-key
}
Optional.
By default, open system
authentication is adopted.
• The shared-key
authentication can be
adopted only when WEP
encryption is used, and you
must configure the
authentication-method
shared-key command.
• For RSN and WPA, the
authentication method must
be open system
authentication.
Configuring the PTK lifetime
A pairwise transient key (PTK) is generated through a four-way handshake, during which, the
pairwise master key (PMK), an AP random value (ANonce), a site random value (SNonce), the AP’s
MAC address and the client’s MAC address are used.
To Next Page
Loading...
Need help?
General
