Chapter 7 Wireless LAN Profiles
ZyWALL / USG (ZLD) CLI Reference Guide
66
7.5.1 Security Profile Example
The following example creates a security profile with the name ‘SECURITY01’..
wpa-encrypt {tkip | aes | auto} Sets the WPA/WPA2 encryption cipher type.
auto: This automatically chooses the best available cipher based
on the cipher in use by the wireless client that is attempting to
make a connection.
tkip: This is the Temporal Key Integrity Protocol encryption
method added later to the WEP encryption protocol to further
secure. Not all wireless clients may support this.
aes: This is the Advanced Encryption Standard encryption
method, a newer more robust algorithm than TKIP Not all
wireless clients may support this.
wpa-psk {wpa_key | wpa_key_64} Sets the WPA/WPA2 pre-shared key.
[no] wpa2-preauth Enables pre-authentication to allow wireless clients to switch APs
without having to re-authenticate their network connection. The
RADIUS server puts a temporary PMK Security Authorization
cache on the wireless clients. It contains their session ID and a
pre-authorized list of viable APs.
Use the no parameter to disable this.
[no] reauth <30..30000> Sets the interval (in seconds) between authentication requests.
The default is 0.
idle <30..30000> Sets the idle interval (in seconds) that a client can be idle before
authentication is discontinued.
The default is 300.
group-key <30..30000> Sets the interval (in seconds) at which the AP updates the group
WPA/WPA2 encryption key.
The default is 1800.
[no] dot1x-eap Enables 802.1x secure authentication. Use the no parameter to
disable it.
eap {external | internal auth_method} Sets the 802.1x authentication method.
[no] server-auth <1..2> activate Activates server authentication. Use the no parameter to
deactivate.
server-auth <1..2> ip address ipv4_address
port <1..65535> secret secret
Sets the IPv4 address, port number and shared secret of the
RADIUS server to be used for authentication.
[no] server-auth <1..2> Clears the server authentication setting.
exit Exits configuration mode for this profile.
Table 18 Command Summary: Security Profile (continued)
COMMAND DESCRIPTION
Router(config)# wlan-security-profile SECURITY01
Router(config-security-profile)# mode wpa2
Router(config-security-profile)# wpa-encrypt aes
Router(config-security-profile)# wpa-psk 12345678
Router(config-security-profile)# idle 3600
Router(config-security-profile)# reauth 1800
Router(config-security-profile)# group-key 1800
Router(config-security-profile)# exit
Router(config)#
To Next Page
Loading...
