Home » Dell Manuals » Hubs & Switches » Dell PowerConnect W-IAP3WN » Manual Viewer

Dell PowerConnect W-IAP3WN Dell Instant 6.2.0.0-3.2.0.0 User Guide - Page 144

Understanding WPA and WPA2, Recommended Authentication and Encryption Combinations, Personal

View all Dell PowerConnect W-IAP3WN manuals

Add to My Manuals
Save this manual to your list of manuals

Page 144 highlights

Understanding WPA and WPA2 The Wi-Fi Alliance created the Wi-Fi Protected Access (WPA) and WPA2 certifications to describe the 802.11i standard. The standard was written to replace WEP, which was found to have numerous security flaws. It took longer than expected to complete the standard, so WPA was created based on a draft of 802.11i, which allowed people to move forward quickly to create more secure WLANs. WPA2 encompasses the full implementation of the 802.11i standard. Table 18 summarizes the differences between the two certifications. WPA2 is a superset that encompasses the full WPA feature set. WPA and WPA2 can be further classified as follows: l Personal - Personal is also called Pre-Shared Key (PSK). In this type, a unique key is shared with each client in the network. Users have to use this key to securely log in to the network. The key remains the same until it is changed by authorized personnel. Key change intervals can also be configured. l Enterprise - Enterprise is more secure than WPA Personal. In this type, every client automatically receives a unique encryption key after securely logging on to the network. This key is long and automatically updated regularly. While WPA uses TKIP, WPA2 uses AES algorithm. Table 18 - WPA and WPA2 Features Certification WPA Authentication l PSK l IEEE 802.1X with Extensible Authentication Protocol (EAP) Encryption Temporal Key Integrity Protocol (TKIP) with message integrity check (MIC) WPA2 l PSK l IEEE 802.1X with EAP Advanced Encryption Standard -- Counter Mode with Cipher Block Chaining Message Authentication Code (AESCCMP) Recommended Authentication and Encryption Combinations Table 19 summarizes the recommendations for authentication and encryption combinations that should be used in Wi-Fi networks. Table 19 - Recommended Authentication and Encryption Combinations Network Type Employee Authentication 802.1X Encryption AES Guest Network Captive Portal None Voice Network or Handheld devices 802.1X or PSK as supported by the device AES if possible, TKIP or WEP if necessary (combine with restricted policy enforcement firewall (PEF) user role). 144 | Encryption Dell PowerConnect W-Series Instant Access Point 6.2.0.0-3.2.0.0 | User Guide

Section	Page
Contents	3
About This Guide	15
Dell PowerConnect W-Instant Access Point Overview	15
Supported Devices	15
Objective	15
Intended Audience	16
Conventions	16
Contacting Support	16
Initial Configuration	17
Initial Setup	17
Pre-Installation Checklist	17
Connecting a W-IAP	18
Assigning an IP Address to the W-IAP	18
Connecting to a Provisioning Wi-Fi Network	18
Disabling the Provisioning Wi-Fi Network	20
Assigning a Static IP	20
Log in to the Dell W-Series Instant UI	21
Specifying a Country Code	21
W-IAP Cluster	22
Dell W-Instant User Interface	23
Understanding the Dell W-Series Instant UI Layout	23
Banner	24
Search	24
Tabs	24
Networks Tab	24
Access Points Tab	25
Clients Tab	25
Links	26
New Version Available	27
Settings	27
RF	29
PEF	30
WIP	30
VPN	31
Wired	31
Maintenance	32
Support	32
Help	32
Logout	33
Monitoring	33
Info	33
RF Dashboard	34
Usage Trends	35
Spectrum	36
Overview (Device list)	36
Channel Utilization and Monitoring	36
Channel Details	37
Alerts	37
Client Alerts	37
Fault History	38
Active Faults	38
IDS	39
Configuration	39
AirGroup	40
Language	40
Dell PowerConnect W-AirWave Setup	40
Pause/Resume	41
Views	41
Wireless Network	43
Network Types	43
Employee Network	44
Adding an Employee Network	44
Voice Network	53
Adding a Voice Network	53
Guest Network	60
Adding a Guest Network	60
Editing a Network	68
Deleting a Network	68
Number of WLAN SSIDs Supported	68
Enabling the Extended SSID Option	69
VLAN Pooling	69
Managing W-IAPs	71
Preferred Band	71
Auto Join Mode	71
Disabling Auto Join Mode	71
Terminal Access	72
LED Display	72
TFTP Dump Server	72
Extended SSID	73
Deny Inter User Bridging and Deny Local Routing	73
Syslog Server	73
Syslog Facility Levels	74
Adding a W-IAP to the Network	74
Removing a W-IAP from the Network	75
Editing W-IAP Settings	75
Changing W-IAP Name	75
Changing IP Address of the W-IAP	76
Configuring Adaptive Radio Management	78
Configuring Uplink Management VLAN	79
Configuring Wired Bridging on Ethernet 0	79
Migrating to a Dell PowerConnect W-Series Mobility Controller Managed Network	80
Converting a W-IAP to RAP Mode	80
Converting a W-IAP to CAP	83
Converting a W-IAP to Standalone Mode	83
Converting Back to a W-IAP	84
Rebooting the W-IAP	84
Firmware Image Server in Cloud Network	86
Upgrade Using Dell PowerConnect W-AirWave and Image Server	86
Image Management Using Cloud Server	86
Image Management Using Dell PowerConnect W-AirWave	86
Automatic Firmware Image Check and Upgrade	87
Upgrading to New Version	88
Manual	88
Automatic	90
Layer-3 Mobility	91
Overview	91
Configuring a Mobility Domain	92
Home Agent Load Balancing	95
Spectrum Monitor	97
Creating Spectrum Monitors and Hybrid APs	97
Converting W-IAPs into Hybrid W-IAPs	97
Converting a W-IAP to a Spectrum Monitor	98
Spectrum Data	100
Overview - Device List	100
Non Wi-Fi Interferers	101
Channel Metrics	103
Channel Details	104
Spectrum Alerts	105
Time Management	107
NTP Server	107
Configuring an NTP Server	107
Daylight Saving Time	108
Enabling Daylight Saving Time	108
Virtual Controller	109
Master Election Protocol	109
Preference to an IAP with 3G/4G Card	109
Preference to a W-IAP with Non-Default IP	109
Virtual Controller IP Address	110
Specifying Name and IP Address for the Virtual Controller	110
Configuring the DHCP Server	110
Authentication	111
Authentication Methods in Dell W-Instant	111
802.1X Authentication	111
Internal RADIUS Server	112
External RADIUS Server	112
Authentication Terminated on W-IAP	112
Configuring an External RADIUS Server	113
Enabling RADIUS Server Support	115
Authentication Survivability	115
RADIUS Server Authentication with VSA	118
List of Supported VSA	118
Management Authentication Settings	120
Captive Portal	121
Internal Captive Portal	121
Configuring Internal Captive Portal Authentication when Adding a Guest Network	122
Configuring Internal Captive Portal Authentication when Editing a Guest Network	123
Configuring Internal Captive Portal with External RADIUS Server Authenticatio...	124
Customizing a Splash Page	125
Disabling Captive Portal Authentication	126
External Captive Portal	127
Configuring External Captive Portal Authentication when Adding a Guest Network	127
Configuring External Captive Portal Authentication when Editing a Guest Network	129
External Captive Portal Authentication using ClearPass Guest	131
Creating a Web Login page in the ClearPass Guest	131
Configuring the RADIUS Server in Instant	131
WISPr Authentication	132
Configuring WISPr Authentication	132
MAC Authentication	133
Configuring MAC Authentication	134
Walled Garden Access	134
Creating a Walled Garden Access	134
MAC + 802.1X Authentication	136
Configuring MAC + 802.1X Authentication	136
MAC + Captive Portal Authentication	137
Configuring MAC + Captive Portal Authentication	137
Wired Authentication on a W-IAP	138
Certificates	138
Loading Certificates using Dell W-Series Instant UI	139
Loading Certificates using Dell PowerConnect W-AirWave	140
Encryption	143
Encryption Types Supported in Dell W-Instant	143
WEP	143
TKIP	143
AES	143
Encryption Recommendations	143
Understanding WPA and WPA2	144
Recommended Authentication and Encryption Combinations	144
Role Derivation	145
User Roles	145
Creating a New User Role	145
Creating Role Assignment Rules	147
MAC-Address Attribute	147
DHCP Option and DHCP Fingerprinting	148
802.1X-Authentication-Type	148
User VLAN Derivation	149
User VLAN Derivation	149
Vendor Specific Attributes (VSA)	149
VLAN Derivation Rule	150
Configuring VLAN Derivation Rules on a W-IAP	150
User Role	151
Configuring a User Role	151
SSID Profile	152
Configuring VLAN Derivation Rules Using an SSID Profile	153
Instant Firewall	155
Service Options	156
Destination Options	158
Examples for Access Rules	158
Allow TCP Service to a Particular Network	158
Allow POP3 Service to a Particular Server	159
Deny FTP Service except to a Particular Server	160
Deny bootp Service except to a Particular Network	161
Content Filtering	163
Enabling Content Filtering	163
Enterprise Domains	164
OS Fingerprinting	167
Adaptive Radio Management	169
ARM Features	169
Channel or Power Assignment	169
Voice Aware Scanning	169
Load Aware Scanning	169
Band Steering Mode	169
Airtime Fairness Mode	170
Airtime Fairness Modes	170
Access Point Control	171
Customize Valid Channels	171
Min Transmit Power	171
Max Transmit Power	171
Client Aware	171
Scanning	171
Wide Channel Bands	171
Monitoring the Network with ARM	172
ARM Metrics	172
Configuring Administrator Assigned Radio Settings for W-IAP	172
Configuring Radio Profiles in Instant	173
Intrusion Detection System	177
Rogue AP Detection and Classification	177
Wireless Intrusion Protection (WIP)	177
Containment Methods	181
SNMP	183
SNMP Parameters for W-IAP	183
SNMP Traps	185
Ethernet Downlink	187
Ethernet Downlink Overview	187
Ethernet Downlink Profile Parameters	187
Assigning a Profile to the Ethernet Port	190
Hierarchical Deployment	193
Deployment	193
Uplink Configuration	195
Uplink Interface Configuration	195
Ethernet Uplink	195
3G/4G Uplink	196
Types of Modems	196
Provisioning 3G/4G Uplink Manually	198
Provisioning 3G Uplink Automatically	199
Provisioning a 3G/4G Switch Network	199
Wi-Fi Uplink	200
Provisioning Wi-Fi Uplink	200
Provisioning 3G/4G and Wi-Fi Uplink with Factory Setting	200
Uplink Management	201
Enforce Uplink	201
Uplink Preemption	201
Uplink Switchover	201
Uplink Switching Based on VPN Status	201
Uplink Switching Based on Internet Connectivity Status	202
PPPoE	202
Configuring PPPoE	202
Dell PowerConnect W-AirWave Integration and Management	205
Dell PowerConnect W-AirWave Features	205
Image Management	205
W-IAP and Client Monitoring	205
Template-based Configuration	205
Trending Reports	206
Intrusion Detection System	206
Wireless Intrusion Detection System (WIDS) Event Reporting to Dell PowerConne...	206
RF Visualization Support for Dell W-Instant	207
Configuring Dell PowerConnect W-AirWave	207
Creating your Organization String	207
About Shared Key	208
Entering the Organization String and AMP Information into the W-IAP	208
Dell PowerConnect W-AirWave Discovery through DHCP Option	208
Standard DHCP option 60 and 43 on Windows Server 2008	208
Alternate Method for Defining Vendor-Specific DHCP Options	212
AirGroup	215
Introducing AirGroup	215
What is Bonjour and Zero Configuration Networking?	215
WLANs and Bonjour	216
AirGroup Solution	216
AirGroup Features	217
Dell PowerConnect W-ClearPass Policy Manager and ClearPass Guest Features	217
AirGroup Architecture	217
How Does AirGroup Work?	218
Use Case: Higher Education Wireless LAN	219
The AirGroup Solution Components	219
Configuring AirGroup on W-Instant	220
Using the Dell W-Series Instant UI	220
Enabling or Disabling AirGroup	220
Disallow Role	221
Disallow VLAN	222
Configuring AirGroup-CPPM Interface in W-Instant	223
Creating a RADIUS Server	223
Assign a Server to AirGroup	224
Configure CPPM to Enforce Registration	225
Change of Authorization (CoA)	225
AirGroup Monitoring	226
Troubleshooting and Log Messages	226
Monitoring	229
Virtual Controller View	229
Monitoring Link	230
Info	230
RF Dashboard	230
Usage Trends	230
Client Alerts Link	232
IDS Link	232
Network View	232
Info	233
Usage Trends	233
Dell W-Instant Access Point View	235
Info	235
RF Dashboard	235
Overview	236
Client View	243
Info	244
RF Dashboard	244
RF Trends	244
Mobility Trail	247
Alert Types and Management	249
Alert Types	249
Policy Enforcement Firewall	251
Authentication Servers	251
Users for Internal Server	251
Roles	252
Extended Voice and Video Functionalities	253
QoS for Microsoft Office OCS and Apple Facetime	253
Microsoft OCS	254
Apple Facetime	254
Client Blacklisting	255
Types of Client Blacklisting	256
Manual Blacklisting	256
Adding a Client to the Manual Blacklist	256
Dynamic Blacklisting	257
Authentication Failure Blacklisting	257
Session Firewall Based Blacklisting	257
PEF Settings	258
Firewall ALG Configuration	258
Firewall-based Logging	259
VPN Configuration	261
VPN Configuration	261
Fast Failover	262
Routing Profile Configuration	262
DHCP Server Configuration	263
NAT DHCP Configuration	264
Distributed L2 DHCP Configuration	265
Distributed L3 DHCP Configuration	266
Centralized L2 DHCP Configuration	267
User Database	269
Adding a User	269
Editing User Settings	270
Deleting a User	270
Regulatory Domain	271
Country Codes List	271
Controller Configuration for VPN	277
Whitelist DB Configuration	277
VPN Local Pool Configuration	277
W-IAP VPN Profile Configuration	278
Dell PowerConnect W-ClearPass Configuration for AirGroup	279
Dell PowerConnect W-ClearPass Setup	279
Testing	283
Troubleshooting	283
IAP-VPN	285
Licensing Requirements	285
VPN Configuration	286
Creating a W-IAP Whitelist	286
Controller Whitelist DB	286
External Whitelist DB	286
VPN Local Pool Configuration	287
VPN Profile Configuration	287
Radius Proxy for VPN Connected IAPs	287
Viewing Branch Status	288
Example	288
Troubleshooting	289
Viewing Logs	289
Support Commands	289
Abbreviations	295

Match case Limit results 1 per page

144

Encryption

Dell PowerConnect W-Series Instant Access Point

6.2.0.0-3.2.0.0

User Guide

Understanding WPA and WPA2

The Wi-Fi Alliance created the Wi-Fi Protected Access (WPA) and WPA2 certifications to

describe the 802.11i standard. The standard was written to replace WEP, which was found to have

numerous security flaws. It took longer than expected to complete the standard, so WPA was

created based on a draft of 802.11i, which allowed people to move forward quickly to create more

secure WLANs. WPA2 encompasses the full implementation of the 802.11i standard.

Table

summarizes the differences between the two certifications. WPA2 is a superset that encompasses

the full WPA feature set. WPA and WPA2 can be further classified as follows:

Personal

— Personal is also called Pre-Shared Key (PSK). In this type, a unique key is shared

with each client in the network. Users have to use this key to securely log in to the network.

The key remains the same until it is changed by authorized personnel. Key change intervals

can also be configured.

Enterprise

— Enterprise is more secure than WPA Personal. In this type, every client

automatically receives a unique encryption key after securely logging on to the network. This

key is long and automatically updated regularly. While WPA uses TKIP, WPA2 uses AES

algorithm.

Certification

Authentication

Encryption

WPA

PSK

IEEE 802.1X with

Extensible

Authentication Protocol

(EAP)

Temporal Key Integrity

Protocol (TKIP) with

message integrity check

(MIC)

WPA2

PSK

IEEE 802.1X with EAP

Advanced Encryption

Standard -- Counter Mode

with Cipher Block

Chaining Message

Authentication Code

(AESCCMP)

Table 18

- WPA and WPA2 Features

Recommended Authentication and Encryption Combinations

Table

summarizes the recommendations for authentication and encryption combinations that

should be used in Wi-Fi networks.

Network Type

Authentication

Encryption

Employee

802.1X

AES

Guest Network

Captive Portal

None

Voice Network or

Handheld devices

802.1X or PSK as

supported by the device

AES if possible, TKIP or

WEP if necessary

(combine with restricted

policy enforcement

firewall (PEF) user role).

Table 19

Recommended Authentication and Encryption Combinations