7-13
Wireless Security Configuration
Wireless Security Overview
When you have decided which security mechanisms to implement in your
network, refer to Table 7-2 and Table 7-3 for a summary of the access point
configuration procedures.
For more details on security configurations that are possible using the CLI,
see “CLI: Configuring Security Settings” on page 7-24
.
Table 7-2. Summary of Wireless Security Configuration
Configuring Encryption in the ProCurve Wireless Access Point 530
Encryption Methods and
Process
WLAN Interface Level Commands Additional
Requirements
Notes
No Security security <no security>
Static WEP Keys:
1. Enable WEP Security.
2. Set the Key Index, Length,
and Type.
3. Configure the Keys.
4. Set the Authentication.
security <static-wep>
wep-default-key
<1| 2| 3| 4>
[no] wep-key
ascii
wep-key-length <64|128>
wep-key <1| 2| 3| 4> <string>
[no] open-system-authentication
[no] shared-key authentication
WEP supported
station required.
Requires manual key
management.
Encryption index, length, and
type configured in the access
point must match those
configured in the stations.
Dynamic WEP:
1. Enable Dynamic WEP
Security.
2. Set the Authentication
Server and Protocol.
3. Set RADIUS Key.
security <dynamic-wep>
radius-accounting <primary | secondary>
<ip <ip> | port <port> | key <key>>
radius <primary | secondary>
*The radius-key value is used with an external RADIUS
server only and is ignored for the internal radius server.
It should be set to the shared secret key that is
configured on the external RADIUS server.
RADIUS server
required.
802.1X supplicant
required.
WEP supported
station required.
The built-in authentication
server can be used on the
access point or on an
external RADIUS server.
To use the built-in
authentication server, set the
RADIUS IP address to that
used by the built-in server,
and turn RADIUS accounting
off (because it is not
supported by the built-in
server).
WPA-PSK
1. Enable WPA Security.
2. Enable WPA and/or WPA2.
3. Set Authentication
Protocols—TKIP, AES, or
both.
4. Set the key.
security <wpa-psk>
wpa-allowed
[no]wpa2-allowed
[no] wpa-cipher-tkip
[no] wpa-cipher-aes
wpa-pre-shared-key <key>
WPA supported
station required.
If there is a mix of
stations, some
supporting WPA2
and others
supporting the
original WPA,
configure for both
(set both wpa/wpa2
allowed).
When both TKIP and CCMP
authentication methods are
set, both TKIP and AES
stations can associate with
the access point. WPA
stations must have either a
valid TKIP or an AES key to
communicate.
To Next Page
Loading...
