ZyWALL Series CLI Reference Guide
95
9.4.1 Security Profile Example
The following example creates a security profile with the name ‘SECURITY01’.
wep <64 | 128> default-key
<1..4>
Sets the WEP encryption strength (64 or 128) and the default
key value (1 ~ 4).
If you select WEP-64 enter 10 hexadecimal digits in the range of
“A-F”, “a-f” and “0-9” (for example, 0x11AA22BB33) for each
Key used; or enter 5 ASCII characters (case sensitive) ranging
from “a-z”, “A-Z” and “0-9” (for example, MyKey) for each Key
used.
If you select WEP-128 enter 26 hexadecimal digits in the range
of “A-F”, “a-f” and “0-9” (for example,
0x00112233445566778899AABBCC) for each Key used; or enter
13 ASCII characters (case sensitive) ranging from “a-z”, “A-Z”
and “0-9” (for example, MyKey12345678) for each Key used.
You can save up to four different keys. Enter the default-key
(1 ~ 4) to save your WEP to one of those four available slots.
wep-auth-type {open | share}
Sets the authentication key type to either open or share.
wpa-encrypt {tkip | aes | auto}
Sets the WPA/WPA2 encryption cipher type.
auto: This automatically chooses the best available cipher
based on the cipher in use by the wireless client that is
attempting to make a connection.
tkip: This is the Temporal Key Integrity Protocol encryption
method added later to the WEP encryption protocol to further
secure. Not all wireless clients may support this.
aes: This is the Advanced Encryption Standard encryption
method, a newer more robust algorithm than TKIP Not all
wireless clients may support this.
wpa-psk {wpa_key | wpa_key_64}
Sets the WPA/WPA2 pre-shared key.
[no] wpa2-preauth
Enables pre-authentication to allow wireless clients to switch
APs without having to re-authenticate their network
connection. The RADIUS server puts a temporary PMK Security
Authorization cache on the wireless clients. It contains their
session ID and a pre-authorized list of viable APs.
Use the no parameter to disable this.
exit
Exits configuration mode for this profile.
Table 25 Command Summary: Security Profile (continued)
COMMAND DESCRIPTION
Router(config)# wlan-security-profile SECURITY01
Router(config-security-profile)# mode wpa2
Router(config-security-profile)# wpa-encrypt aes
Router(config-security-profile)# wpa-psk 12345678
Router(config-security-profile)# idle 3600
Router(config-security-profile)# reauth 1800
Router(config-security-profile)# group-key 1800
Router(config-security-profile)# exit
Router(config)#
To Next Page
Loading...
