User manual SMC WEBS-N

[. . . ] USER GUIDE 300Mbps Wireless-N Access Point/Repeater SMCWEBS-N SMCWEBS-N User Guide SMC Networks U. S. A 20 Mason Irvine, CA 92618 Phone: (949) 679-8000 SMC Networks Europe, C/Fructuós Gelabert 6-8 2o, 2a, Edificio Conata II, 08970 Sant Joan Despí Barcelona - Spain Phone: +34 93 477 4920 March 2010 Pub. # 149100000065W E032010-AP-R02 Information furnished by SMC Networks, Inc. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. [. . . ] WPA2 includes the complete wireless security standard, but also offers backward compatibility with WPA. Both WPA and WPA2 provide an "enterprise" and "personal" mode of operation. For enterprise deployment, WPA and WPA2 use IEEE 802. 1X for user authentication and require a RADIUS authentication server to be configured on the wired network. Data encryption keys are automatically generated and distributed to all clients connected to the network. ­ 53 ­ CHAPTER 7 | Access Point Mode Wireless Configuration WLAN Security Figure 27: Security Mode - WPA The following items are displayed in this section on this page: Security Mode -- Configures the WPA and WPA2 security modes used by clients. When using WPA or WPA2, be sure there is a RADIUS server in the connected wired network, and that the RADIUS settings are configured. See "IEEE 802. 1X and RADIUS" on page 55 for more information. (Default: Disable) WPA -- Clients using WPA with an 802. 1X authentication method are accepted for authentication. WPA2 -- Clients using WPA2 with an 802. 1X authentication method are accepted for authentication. WPA1_WPA2 -- Clients using WPA or WPA2 with an 802. 1X authentication method are accepted for authentication. (Default is determined by the Security Mode selected. ) TKIP -- Uses Temporal Key Integrity Protocol (TKIP) keys for encryption. TKIP avoids the problems of WEP static keys by dynamically changing data encryption keys. ­ 54 ­ CHAPTER 7 | Access Point Mode Wireless Configuration WLAN Security AES -- Uses Advanced Encryption Standard (AES) keys for encryption. WPA2 uses AES Counter-Mode encryption with Cipher Block Chaining Message Authentication Code (CBC-MAC) for message integrity. The AES Counter-Mode/CBCMAC Protocol (AESCCMP) provides extremely robust data confidentiality using a 128bit key. Use of AES-CCMP encryption is specified as a standard requirement for WPA2. Before implementing WPA2 in the network, be sure client devices are upgraded to WPA2-compliant hardware. WPA and WPA2 mixed modes allow both WPA and WPA2 clients to associate to a common SSID. In mixed mode, the unicast encryption type (TKIP or AES) is negotiated for each client. Key Renewal Interval -- Sets the time period for automatically changing data encryption keys and redistributing them to all connected clients. (Default: 3600 seconds) PMK Cache Period -- WPA2 provides fast roaming for authenticated clients by retaining keys and other security information in a cache, so that if a client roams away from an access point and then returns reauthentication is not required. This parameter sets the time for deleting the cached WPA2 Pairwise Master Key (PMK) security information. (Default: 10 minutes) Pre-Authentication -- When using WPA2, pre-authentication can be enabled that allows clients to roam to another access point and be quickly associated without performing full 802. 1X authentication. (Default: Disable) IEEE 802. 1X AND IEEE 802. 1X is a standard framework for network access control that uses RADIUS a central RADIUS server for user authentication. This control feature prevents unauthorized access to the network by requiring an 802. 1X client application to submit user credentials for authentication. [. . . ] BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. [. . . ]