Home » Dell Manuals » Hubs & Switches » Dell PowerConnect W-IAP92 » Manual Viewer

Dell PowerConnect W-IAP92 Dell Instant 6.1.3.1-3.0.0.0 User Guide - Page 117

Encryption, Encryption Types Supported in Dell Instant, WEP, TKIP, AES, Encryption Recommendations

View all Dell PowerConnect W-IAP92 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 117 highlights

Chapter 9 Encryption Encryption Types Supported in Dell Instant Encryption is the process of converting data into an undecipherable format or code when it is transmitted on a network. Encryption prevents unauthorized use of the data. The following encryption types are supported in Dell Instant: WEP Though WEP is an authentication method, it is also an encryption algorithm where all users typically share the same key. WEP is easily broken with automated tools, and should be considered no more secure than an open network. It is recommended against deploying WEP encryption. Organizations that use WEP are strongly encouraged to move to Advanced Encryption Standard (AES) encryption. TKIP TKIP uses the same encryption algorithm as WEP, but TKIP is much more secure and has an additional message integrity check (MIC). Recently some cracks have begun to appear in the TKIP encryption methods. It is recommended that all users migrate from TKIP to AES as soon as possible. AES The Advanced Encryption Standard (AES) encryption algorithm is now widely supported and is the recommended encryption type for all wireless networks that contain any confidential data. AES in Wi-Fi leverages 802.1X or PSKs to generate per station keys for all devices. AES provides a high level of security, similar to what is used by IP Security (IPsec) clients. It is recommended that all devices be upgraded or replaced so that they are capable of AES encryption. NOTE: WEP and TKIP are limited to WLAN connection speed of 54 Mbps. For 802.11n connection only AES encryption is supported. Encryption Recommendations Recommendations for encryption on Wi-Fi networks are as follows:  WEP -Not recommended  TKIP- Not recommended  AES- Recommended for all deployments Dell PowerConnect W-Series Instant Access Point 6.1.3.1-3.0.0.0 | User Guide Encryption | 117

Section	Page
Dell PowerConnect W-Series Instant Access Point 6.1.3.1-3.0.0.0	1
Contents	3
Figures	9
Tables	13
About this Guide	15
Dell PowerConnect W-Instant Access Point Overview	15
Supported Devices	15
Objective	15
Intended Audience	15
Conventions	16
Contacting Support	16
Initial Configuration	17
Initial Setup	17
Pre-Installation Checklist	17
Connecting the IAP to a Power Source	18
Assigning an IP Address to the IAP	18
Connecting to a Provisioning Wi-Fi Network	18
Login into Instant User Interface	19
Specifying the Country Code	20
IAP Cluster	20
Instant User Interface	21
Understanding the Instant UI Layout	21
Banner	22
Search	22
Tabs	22
Networks Tab	22
Access Points Tab	23
Clients Tab	23
Links	24
New Version Available	24
Settings	25
RF	27
PEF	28
WIP	28
VPN	29
Maintenance	29
Support	31
Help	34
Logout	34
Monitoring	34
Alerts	37
IDS	39
Configuration	40
Language	40
Dell PowerConnect W-AirWave Setup	40
Pause/Resume	41
Views	41
Wireless Network	43
Network Types	43
Employee Network	43
Adding an Employee Network	44
Voice Network	52
Adding a Voice Network	53
Guest Network	59
Adding a Guest Network	60
Editing a Network	65
Deleting a Network	65
Mesh Network	67
Mesh Instant Access Points	67
Mesh Portals	67
Mesh Points	68
Instant Mesh Setup	68
Managing IAPs	71
Preferred Band	71
Auto Join Mode	71
Disabling Auto Join Mode	71
LED Display	72
Terminal Access	73
TFTP Dump Server	74
Syslog Server	74
Syslog Facility Levels	75
Adding an IAP to the Network	75
Removing an IAP from the Network	76
Editing IAP Settings	76
Changing IAP Name	76
Changing IP Address of the IAP	77
Configuring Adaptive Radio Management	78
Migrating from a Virtual Controller Managed Network to Mobility Controller Managed Network	79
Converting an IAP to RAP Mode	79
Converting an IAP to CAP	82
Converting an IAP to Standalone Mode	82
Converting back to an IAP	83
Rebooting the IAP	83
Firmware Image Server in Cloud Network	85
Upgrade using Dell PowerConnect W-AirWave and Image Server	85
Image management using Cloud Server	85
Image management using Dell PowerConnect W-AirWave	85
Automatic Firmware Image Check and Upgrade	85
Upgrading to New Version	86
Manual	86
Automatic	87
NTP Server	89
Configuring an NTP Server	89
Virtual Controller	91
Master Election Protocol	91
Virtual Controller IP Address	91
Specifying Name and IP Address for the Virtual Controller	91
Configuring the DHCP Server	92
Authentication	93
Authentication Methods in Dell Instant	93
802.1X Authentication	93
Internal RADIUS Server	93
External RADIUS Server	94
Authentication Terminated on IAP	94
Configuring an External RADIUS Server	95
Enabling Instant RADIUS	97
RADIUS Server Authentication with VSA	97
List of supported VSA	97
Management Authentication Settings	100
Captive Portal	101
Internal Captive Portal	101
Configuring Internal Captive Portal Authentication when Adding a Guest Network	101
Configuring Internal Captive Portal Authentication when Editing a Guest Network	102
Configuring Internal Captive Portal with External Radius Server Authentication when Adding a Guest Network	103
Customizing a Splash Page	104
Disabling Captive Portal Authentication	105
External Captive Portal	106
Configuring External Captive Portal Authentication when Adding a Guest Network	106
Configuring External Captive Portal Authentication when Editing a Guest Network	107
External Captive Portal Authentication using Dell PowerConnect W-ClearPass GuestConnect	108
Creating a Web Login page in the Dell PowerConnect W-ClearPass GuestConnect	108
Configuring the RADIUS Server in Instant	108
MAC Authentication	109
Configuring MAC Authentication	109
Walled Garden Access	110
Creating a Walled Garden Access	110
Certificates	111
Loading Certificates using Instant WebUI	112
Loading Certificates using Dell PowrConnect W-AirWave	113
Encryption	117
Encryption Types Supported in Dell Instant	117
WEP	117
TKIP	117
AES	117
Encryption Recommendations	117
Understanding WPA and WPA2	118
Recommended Authentication and Encryption Combinations	118
Role Derivation	119
User Roles	119
Creating a New User Role	119
Creating Role Assignment Rules	120
User VLAN Derivation	123
User VLAN Derivation	123
Vendor Specific Attributes (VSA)	123
VLAN Derivation Rule	124
Configuring VLAN Derivation Rules on an IAP	124
User Role	125
Configuring a User Role	125
SSID Profile	127
Configuring VLAN Derivation Rules Using SSID Profile	127
Instant Firewall	129
Service Options	130
Destination Options	131
Examples for Access Rules	131
Allow TCP Service to a Particular Network	131
Allow PoP3 Service to a Particular Server	132
Deny FTP Service except to a Particular Server	133
Deny bootp Service except to a Particular Network	134
Content Filtering	137
Enabling Content Filtering	137
Enterprise Domains	138
OS Fingerprinting	139
Adaptive Radio Management	141
ARM Features	141
Channel or Power Assignment	141
Voice Aware Scanning	141
Load Aware Scanning	141
Band Steering Mode	141
Airtime Fairness Mode	142
Airtime Fairness Modes	142
Access Point Control	142
Customize Valid Channels	142
Min Transmit Power	143
Max Transmit Power	143
Client Aware	143
Scanning	143
Wide Channel Bands	143
Monitoring the Network with ARM	143
ARM Metrics	143
Configuring Administrator Assigned Radio Settings for IAP	144
Configuring Radio Profiles in Instant	145
Intrusion Detection System	147
Rogue AP Detection and Classification	147
Wireless Intrusion Protection (WIP)	147
Containment Methods	151
SNMP	153
SNMP Parameters for IAP	153
SNMP Traps	155
Ethernet Downlink	157
Ethernet Downlink Overview	157
Ethernet Downlink Profile Parameters	157
Assigning a Profile to the Ethernet Port	158
Uplink Configuration	159
Uplink Configuration Overview	159
Ethernet	159
3G Uplink	159
Types of Modems	159
Uplink Switchover	162
Uplink Preemption	163
Uplink Preference	163
Dell PowerConnect W-AirWave Integration and Management	165
Dell PowerConnect W-AirWave Features	165
Image Management	165
IAP and Client Monitoring	165
Template-based Configuration	166
Trending Reports	166
Intrusion Detection System	166
Wireless Intrusion Detection System (WIDS) Event Reporting to Dell PowerConnect W-AirWave	166
RF Visualization Support for Dell Instant	167
Configuring Dell PowerConnect W-AirWave	167
Creating your Organization String	167
About Shared Key	168
Entering the Organization String and AMP Information into the IAP	168
Dell PowerConnect W-AirWave Discovery through DHCP Option	168
Standard DHCP option 60 and 43 on Windows Server 2008 for Dell Instant APs	168
Alternate method for defining Vendor Specific DHCP options	171
Monitoring	175
Virtual Controller View	175
Monitoring Link	176
Info	176
RF Dashboard	176
Usage Trends	176
Client Alerts Link	177
IDS Link	177
Network View	178
Info	178
Usage Trends	179
Instant Access Point View	180
Info	181
RF Dashboard	181
RF Trends	181
Usage Trends	183
Client View	184
Info	184
RF Dashboard	184
RF Trends	185
Mobility Trail	188
Alert Types and Management	189
Alert Types	189
Policy Enforcement Firewall	191
Authentication Servers	191
Users for Internal Server	192
Roles	192
Client Blacklisting	193
Types of Client Blacklisting	194
Manual Blacklisting	194
Adding a Client to the Manual Blacklist	194
Dynamic Blacklisting	194
Authentication Failure Blacklisting	194
Session Firewall Based Blacklisting	195
PEF Settings	195
Firewall ALG Configuration	195
Firewall-based Logging	196
VPN Configuration	197
VPN Configuration	197
Routing Profile Configuration	198
DHCP Server Configuration	198
NAT DHCP Configuration	199
Distributed L2 DHCP Configuration	200
Distributed L3 DHCP Configuration	201
Centralized L2 DHCP Configuration	202
User Database	203
Adding a User	203
Editing User Settings	204
Deleting a User	204
Regulatory Domain	205
Country Codes List	206
Controller Configuration for VPN	209
Whitelist DB Configuration if the Controller is acting as the Whitelist Entry	209
VPN Local Pool Configuration	210
IAP VPN Profile Configuration	210
Abbreviations	213

Match case Limit results 1 per page

Dell PowerConnect W-Series Instant Access Point 6.1.3.1-3.0.0.0

User Guide

Encryption

117

Chapter 9

Encryption

Encryption Types Supported in Dell Instant

Encryption is the process of converting data into an undecipherable format or code when it is transmitted on a

network. Encryption prevents unauthorized use of the data. The following encryption types are supported in Dell

Instant:

WEP

Though WEP is an authentication method, it is also an encryption algorithm where all users typically share the

same key. WEP is easily broken with automated tools, and should be considered no more secure than an open

network. It is recommended against deploying WEP encryption. Organizations that use WEP are strongly

encouraged to move to Advanced Encryption Standard (AES) encryption.

TKIP

TKIP uses the same encryption algorithm as WEP, but TKIP is much more secure and has an additional message

integrity check (MIC). Recently some cracks have begun to appear in the TKIP encryption methods. It is

recommended that all users migrate from TKIP to AES as soon as possible.

AES

The Advanced Encryption Standard (AES) encryption algorithm is now widely supported and is the

recommended encryption type for all wireless networks that contain any confidential data. AES in Wi-Fi

leverages 802.1X or PSKs to generate per station keys for all devices. AES provides a high level of security, similar

to what is used by IP Security (IPsec) clients. It is recommended that all devices be upgraded or replaced so that

they are capable of AES encryption.

Encryption Recommendations

Recommendations for encryption on Wi-Fi networks are as follows:



WEP —Not recommended



TKIP— Not recommended



AES— Recommended for all deployments

NOTE:

WEP and TKIP are limited to WLAN connection speed of 54 Mbps. For 802.11n connection only AES encryption is supported.