Home » D-Link Manuals » Wireless » D-Link DWL-3500AP » Manual Viewer

D-Link DWL-3500AP Administration Guide - Page 143

Set Security to WPA/WPA2 Personal (PSK)

UPC - 790069297090

Add to My Manuals
Save this manual to your list of manuals

Page 143 highlights

B CLI for AP Configuration Set Security to WPA/WPA2 Personal (PSK) To configure WPA/WPA2 Personal as the security mode, you need to issue multiple commands. This section describes the commands and procedures to configure WPA/WPA2 Personal. NOTE: This example shows how to configure WPA/WPA2 Personal on VAP 0 on radio 1 (wlan0). For VAPs 1-7, use wlanxvapy, where x is the radio, and y is the VAP ID. For example, to configure security on VAP 3 on radio 2, use wlan1vap3 instead of wlan0 in all of the following commands. 1. Set the Security Mode DLINK-AP# set interface wlan0 security wpa-personal 2. Set the WPA versions based on what types of client stations you want to support. - WPA-If all client stations on the network support the original WPA but none support the newer WPA2, then use WPA. set bss wlan0bssvap0 wpa-allowed on set bss wlan0bssvap0 wpa2-allowed off - WPA2-If all client stations on the network support WPA2, we suggest using WPA2 which provides the best security per the IEEE 802.11i standard. set bss wlan0bssvap0 wpa-allowed off set bss wlan0bssvap0 wpa2-allowed on - WPA and WPA2-If you have a mix of clients, some of which support WPA2 and others which support only the original WPA, select both. This lets both WPA and WPA2 client stations associate and authenticate, but uses the more robust WPA2 for clients who support it. This WPA configuration allows more interoperability, at the expense of some security. set bss wlan0bssvap0 wpa-allowed on set bss wlan0bssvap0 wpa2-allowed on 3. Set the Cipher Suite you want to use. - TKIP Only: Temporal Key Integrity Protocol (TKIP). set bss wlan0bssvap0 wpa-cipher-tkip on set bss wlan0bssvap0 wpa-cipher-ccmp off - CCMP (AES) Only-Counter mode/CBC-MAC Protocol (CCMP) is an encryption method for IEEE 802.11i that uses the Advanced Encryption Algorithm (AES). set bss wlan0bssvap0 wpa-cipher-tkip off set bss wlan0bssvap0 wpa-cipher-ccmp on - TKIP and CCMP (AES)-When you enable both authentication algorithms, both TKIP and AES clients can associate with the access point. WPA clients must have either a valid TKIP key or a valid CCMP (AES) key to be able to associate with the AP. set bss wlan0bssvap0 wpa-cipher-tkip on set bss wlan0bssvap0 wpa-cipher-ccmp on 4. Set the Pre-shared key. The Pre-shared Key is the shared secret key for WPA-PSK. Enter a string of at least 8 Access Point CLI Commands 143

Section	Page
Unified Access Point (AP) Administrator’s Guide	1
Table of Contents	3
List of Figures	7
List of Tables	9
About This Document	11
Document Organization	11
Audience	11
Document Conventions	11
Online Help, Supported Browsers, and Limitations	12
Overview of the D-Link Access Point	15
Features and Benefits	16
IEEE Standards Support	16
Wireless Features	16
Security Features	17
Networking	17
Maintainability	17
Access Point Hardware	18
Preparing to Install the Access Point	19
Default Settings for the Unified Access Points	19
Administrator’s Computer Requirements	21
Wireless Client Requirements	22
Dynamic and Static IP Addressing on the AP	23
Recovering an IP Address	23
Discovering a Dynamically Assigned IP Address	23
Using the Reset Button	23
Installing the Access Point	25
Installing the Unified Access Point	25
Viewing Basic Settings	29
Using the CLI to View the IP Address	30
Configuring the Ethernet Interface	31
Using the Web UI to configure Ethernet Settings	31
Using the CLI to Configure Ethernet Settings	33
Configuring IEEE 802.1X Authentication	34
Using the Web UI to Configure 802.1X Authentication Information	35
Using the CLI to Configure 802.1X Authentication Information	36
Verifying the Installation	36
Configuring Access Point Security	39
Understanding Security on Wireless Networks	39
Choosing a Security Mode	39
Comparing Security Modes	40
When to Use Unencrypted (No Security)	40
When to Use Static WEP	40
When to Use IEEE 802.1X	41
When to Use WPA Personal	42
When to Use WPA Enterprise	42
Enabling Station Isolation	43
Configuring Virtual Access Point Security	43
None (Plain-text)	45
Static WEP	45
Static WEP Rules	48
Example of Using Static WEP	48
IEEE 802.1X	49
WPA Personal	50
WPA Enterprise	52
Prohibiting the SSID Broadcast	53
Managing the Access Point	55
Setting the Wireless Interface	55
Using the 802.11h Wireless Mode	57
Configuring Radio Settings	58
Configuring Virtual Access Points	62
Controlling Access by MAC Authentication	66
Configuring a MAC Filter List on the AP	66
Configuring MAC Authentication on the RADIUS Server	67
Configuring Load Balancing	68
Configuring Access Point Services	69
Configuring Quality of Service (QoS)	69
Understanding QoS	69
QoS and Load Balancing	69
802.11e and WMM Standards Support	70
QoS Queues and Parameters to Coordinate Traffic Flow	70
QoS Queues and Diff-Serve Code Points (DSCP) on Packets	70
EDCF Control of Data Frames and Arbitration Interframe Spaces	71
Random Backoff and Minimum / Maximum Contention Windows	72
Packet Bursting for Better Performance	73
Transmission Opportunity (TXOP) Interval for Client Stations	73
802.1p and DSCP tags	73
Configuring QoS Settings	75
Enabling the Network Time Protocol Server	79
Enabling or Disabling a Network Time Protocol (NTP) Server	80
Maintaining the Access Point	81
Managing the Configuration File	81
Resetting the Factory Default Configuration	82
Saving the Current Configuration to a Backup File	83
Restoring the Configuration from a Previously Saved File	83
Rebooting the Access Point	85
Upgrading the Firmware	85
Configuring the Access Point for Managed Mode	87
Transitioning Between Modes	87
Configuring Managed Access Point Settings	88
Viewing Managed AP DHCP Information	89
Viewing Access Point Status	91
Viewing Interface Status	91
Ethernet (Wired) Settings	92
Wireless Settings	92
Viewing Events Logs	92
Configuring Persistent Logging Options	93
Configuring the Log Relay Host for Kernel Messages	94
Example of Using Linux syslogd	94
Enabling or Disabling the Log Relay Host on the Events Page	95
Viewing Transmit and Receive Statistics	95
Viewing Client Association Information	97
Link Integrity Monitoring	98
Viewing Neighboring Access Points	98
Wireless Client Settings and RADIUS Server Setup	101
Accessing Wireless Client Security Settings	102
Configuring a Client to Access an Unsecure Network	104
Configuring Static WEP Security on a Client	104
Configuring WPA/WPA2 Personal on a Client	106
Using an External Authentication Server	108
Configuring IEEE 802.1X Security on a Client	108
IEEE 802.1X Client Using EAP/TLS Certificate	108
Configuring WPA/WPA2 Enterprise (RADIUS)	111
WPA/WPA2 Enterprise (RADIUS) Client Using EAP/PEAP	111
WPA/WPA2 Enterprise (RADIUS) Client Using EAP-TLS Certificate	113
Configuring the RADIUS Server for Authentication	116
Obtaining a TLS-EAP Certificate for a Client	119
Configuring the RADIUS Server for VLAN Tags	122
CLI for AP Configuration	125
How to Access the Access Point CLI	125
Telnet Connection to the AP	125
SSH Connection to the AP	126
Commands and Syntax	127
Using the get Command	128
Using the set Command	128
Using the add Command	129
Using the remove Command	129
Additional CLI Commands	130
Getting Help on Commands at the CLI	130
Tab Completion	130
Keyboard Shortcuts	131
Interface Naming Conventions	132
Saving Configuration Changes	133
Access Point CLI Commands	133
Configuring Basic Settings	134
Status	135
Ethernet Settings	136
Wireless Interface	137
Radio Settings	138
Virtual Access Points	139
Set Security to Static WEP	140
Set Security to IEEE 802.1X	142
Set Security to WPA/WPA2 Personal (PSK)	143
Set Security to WPA/WPA2 Enterprise (RADIUS)	144
Managed Access Point	146
IEEE 802.1X Supplicant Authentication	147
Quality of Service	147
Time	149
System Management	149
CLI Classes and Properties Reference	150

Match case Limit results 1 per page

Access Point CLI Commands

143

CLI for AP Configuration

Set Security to WPA/WPA2 Personal (PSK)

To configure WPA/WPA2 Personal as the security mode, you need to issue multiple

commands. This section describes the commands and procedures to configure WPA/WPA2

Personal.

NOTE:

This example shows how to configure WPA/WPA2 Personal on VAP 0 on

radio 1 (

wlan0

). For VAPs 1-7, use

wlan

vap

, where

is the radio, and

the VAP ID. For example, to configure security on VAP 3 on radio 2, use

wlan1vap3

instead of

wlan0

in all of the following commands.

Set the Security Mode

DLINK-AP#

set interface wlan0 security wpa-personal

Set the WPA versions based on what types of client stations you want to support.

WPA

—If all client stations on the network support the original WPA but none support

the newer WPA2, then use WPA.

set bss wlan0bssvap0 wpa-allowed on

set bss wlan0bssvap0 wpa2-allowed off

WPA2

—If all client stations on the network support WPA2, we suggest using WPA2

which provides the best security per the IEEE 802.11i standard.

set bss wlan0bssvap0 wpa-allowed off

set bss wlan0bssvap0 wpa2-allowed on

WPA and WPA2

—If you have a mix of clients, some of which support WPA2 and

others which support only the original WPA, select both. This lets both WPA and

WPA2 client stations associate and authenticate, but uses the more robust WPA2 for

clients who support it. This WPA configuration allows more interoperability, at the

expense of some security.

set bss wlan0bssvap0 wpa-allowed on

set bss wlan0bssvap0 wpa2-allowed on

Set the Cipher Suite you want to use.

TKIP Only

: Temporal Key Integrity Protocol (TKIP).

set bss wlan0bssvap0 wpa-cipher-tkip on

set bss wlan0bssvap0 wpa-cipher-ccmp off

CCMP (AES) Only

—Counter mode/CBC-MAC Protocol (CCMP) is an encryption

method for IEEE 802.11i that uses the Advanced Encryption Algorithm (AES).

set bss wlan0bssvap0 wpa-cipher-tkip off

set bss wlan0bssvap0 wpa-cipher-ccmp on

TKIP and CCMP (AES)

—When you enable both authentication algorithms, both

TKIP and AES clients can associate with the access point. WPA clients must have

either a valid TKIP key or a valid CCMP (AES) key to be able to associate with the

AP.

set bss wlan0bssvap0 wpa-cipher-tkip on

set bss wlan0bssvap0 wpa-cipher-ccmp on

Set the Pre-shared key.

The

Pre-shared Key

is the shared secret key for WPA-PSK. Enter a string of at least 8