1. Home
    2. /
  2. Manuals
    3. /
  3. Allied-Telesis
    4. /
  4. AT-iMG624A
    5. /
  5. 192
Page 956 / 998 Scroll up to view Page 951 - 955
Wireless Interface
Authentication Configuration
iMG/RG Software Reference Manual (Wireless)
9-18
swupdate set server 172.30.1.9
swupdate set path /public/swupdate/3-4_57_02_04/alpha/iMG634B/upload
swupdate set login root
swupdate set passwd friend
swupdate stop_time none
swupdate start_time minute */2 hour * day_of_month * month *
day_of_week *
#Wireless port configuration for WPA2 AES-CCMP authentication with
password “friendfriend”
port wireless set Disable false
port wireless set ESSID iMG634WA-example
802.1x authenticator set authentication local
802.1x authenticator set authentication enable
port wireless set WPAEnableWPA1 true
port wireless set WPAEnableWPA2 true
port wireless set WPA true
port wireless set WPAEnablePSK true
port wireless set WPA2EnableTKIP false
port wireless set WPA2EnableAES_CCMP true
port wireless set WPA2EnablePreauth true
port wireless set Authentication WPA-PSK
port wireless set Encryption TKIP
wpa set shared passphrase friendfriend
9.1.4
Authentication Configuration
9.1.4.1 Open Authentication Configuration
9.1.4.1.1 Open Authentication - None Encryption
On open-system authentication no actual authentication takes place: all stations are allowed to connect to the
AP without credential exchange.
On CPE side, an open wireless network can be configured through the following CLI commands list:
port wireless set Disable false
port wireless set ESSID iMG634WB-172.32.2.146 (example)
802.1x authenticator set authentication local
802.1x authenticator set authentication disabled
port wireless set Authentication Open
port wireless set Encryption None
Page 957 / 998
Authentication Configuration
Wireless Interface
9-19
iMG/RG Software Reference Manual (Wireless)
9.1.4.1.2 Open Authentication - WEP Encryption @ 64 bit
WEP (Wired Equivalent Privacy) is the basic 802.11's encryption algorithm implemented in the Medium Access
Control Layer (MAC layer) of wireless network devices. WEP has been deprecated by IEEE as it provides secu-
rity that deters only unintentional use, leaving the network vulnerable to deliberate compromise.
For better security levels use WPA or WPA2.
The open network authentication system with WEP encryption doesn't pass on any information to the client in
plain text, just the corresponding encrypted text.
On CPE side, a 64bit WEP encrypted wireless network can be configured through the following CLI commands
list:
port wireless set Disable false
port wireless set ESSID iMG634WB-172.32.2.146 (example)
802.1x authenticator set authentication local
802.1x authenticator set authentication disable
port wireless set Authentication Open
port wireless set Encryption WEP64
port wireless set Mode64Key0 11-22-33-44-55 (example)
port wireless set Mode64Key1 66-77-88-99-aa (example)
port wireless set Mode64Key2 bb-cc-dd-ee-ff (example)
port wireless set Mode64Key3 10-1a-aa-a1-01 (example)
9.1.4.1.3 Open Authentication - WEP Encryption @ 128 bit
On CPE side, a 128bit WEP encrypted wireless network can be configured through the following CLI com-
mands list:
port wireless set Disable false
port wireless set ESSID iMG634WB-172.32.2.143 (example)
802.1x authenticator set authentication local
802.1x authenticator set authentication disable
port wireless set Authentication Open
port wireless set Encryption WEP128
port wireless set Mode128Key0 11-22-33-44-55-66-77-88-99-aa-bb-cc-dd*
port wireless set Mode128Key1 66-77-88-99-aa-bb-cc-dd-ee-ff-11-22-33*
port wireless set Mode128Key2 bb-cc-dd-ee-ff-11-22-33-44-55-66-77-88*
port wireless set Mode128Key3 10-1a-aa-a1-10-1a-aa-a1-10-1a-aa-a1-77*
*examples
9.1.4.2 Shared Authentication Configuration
With a shared-key authentication process the AP (Access Point) sends challenge text to the client in clear text,
and then the client encrypts it and sends it back to the AP for authentication.
Page 958 / 998
Wireless Interface
Authentication Configuration
iMG/RG Software Reference Manual (Wireless)
9-20
Because on shared-key authentication the shared system passes along additional information, this authentica-
tion method exposes information that could be used by a hacker to crack the WEP key.
For better security levels use WPA or WPA2.
9.1.4.2.1 Shared Authentication and WEP Encryption @ 64bit
On CPE side, a Shared system supporting 64bit WEP encryption can be configured through the following CLI
commands list:
port wireless set Disable false
port wireless set ESSID iMG634WA-ST-172.32.2.142 (example)
802.1x authenticator set authentication local
802.1x authenticator set authentication disable
port wireless set Authentication Shared
port wireless set Encryption WEP64
port wireless set Mode64Key0 11-22-33-44-00
port wireless set Mode64Key1 55-66-77-88-00
port wireless set Mode64Key2 aa-bb-cc-dd-00
port wireless set Mode64Key3 ab-cd-ef-98-76
9.1.4.2.2 Shared Authentication and WEP Encryption @ 128bit
On CPE side, a Shared system supporting 128bit WEP encryption can be configured through the following CLI
commands list:
port wireless set Disable false
port wireless set ESSID iMG634WA-ST-172.32.2.142 (example)
802.1x authenticator set authentication local
802.1x authenticator set authentication disable
port wireless set Authentication Shared
port wireless set Encryption WEP128
port wireless set Mode128Key0 11-22-33-44-55-66-77-88-99-aa-bb-cc-dd*
port wireless set Mode128Key1 66-77-88-99-aa-bb-cc-dd-ee-ff-11-22-33*
port wireless set Mode128Key2 bb-cc-dd-ee-ff-11-22-33-44-55-66-77-88*
port wireless set Mode128Key3 10-1a-aa-a1-10-1a-aa-a1-10-1a-aa-a1-77*
*examples
9.1.4.3 WPA-PSK Authentication and TKIP Encryption
WPA (Wi-Fi Protected Access) authentication is a strong, standards-based interoperable Wi-Fi security specifi-
cation that uses Temporal Key Integrity Protocol (TKIP) as data encryption method.
On CPE side, a WPA-PSK with TKIP encryption wireless network can be configured through the following
command list:
Page 959 / 998
Summary of wireless attribute and configurations
Wireless Interface
9-21
iMG/RG Software Reference Manual (Wireless)
port wireless set Disable false
port wireless set ESSID iMG634WA-ST-172.32.2.142 (example)
802.1x authenticator set authentication local
802.1x authenticator set authentication enabled
port wireless set Authentication WPA-PSK
port wireless set Encryption TKIP
wpa set shared passphrase friendfriend (example)
9.1.4.4 WPA2-PSK Authentication and AES_CCMP Encryption
WPA2 (formerly IEEE 802.11i) is an evolution of WPA and uses a new strong AES-based encryption algorithm,
CCMP (Counter Mode with CBC-Message Authentication Code Protocol), which is considered fully secure.
On CPE side, a WPA2-PSK AES_CCMP encryption wireless network can be configured through the following
CLI commands list:
port wireless set Disable false
port wireless set ESSID iMG634WA-ST-172.32.2.142 (example)
802.1x authenticator set authentication local
802.1x authenticator set authentication enabled
port wireless set Authentication WPA-PSK
port wireless set Encryption AES_CCMP
wpa set shared passphrase friendfriend (example)
9.1.4.5 WPA2 Mixed Mode Authentication
Using this configuration, wireless clients of both types (WPA and WPA2) can connect to the device.
On CPE side, a WPA2 Mixed Mode encryption wireless network can be configured through the following CLI
commands list:
port wireless set Disable false
port wireless set ESSID iMG634WA-ST-172.32.2.142 (example)
802.1x authenticator set authentication local
802.1x authenticator set authentication enabled
port wireless set Authentication WPA-PSK
port wireless set Encryption WPA2_Mixed
wpa set shared passphrase friendfriend (example)
9.1.5
Summary of wireless attribute and configurations
The configuration commands
<port wireless set Authentication/Encryption ...>
acts
directly on the wireless port attributes in order to set up the desired authentication configuration. The follow-
Page 960 / 998
Wireless Interface
Wireless Interface CLI commands
iMG/RG Software Reference Manual (Wireless)
9-22
ing table summarizes the relationship between these commands and the related port attributes (see next chap-
ter for a detailed description of each one).
9.1.6
Wireless Interface CLI commands
9.1.6.1 802.1x Authenticator commands
The table below lists the
802.1x Authenticator
commands provided by the CLI:
TABLE 9-1
Summary of wireless port attributes versus wireless security schemes
Authentication type /
Encryption method
Open
None
Open
Wep
64bit
Open
Wep
128bit
Shared
Wep
64bit
Shared
Wep
128bit
WPA-PSK
TKIP
WPA2-PSK
AES_CCMP
WPA2
Mixed
Mode
WepEncryption
disabled
64bit
128bit
64bit
128bit
disabled
disabled
disabled
WepAuthentication
False
False
False
True
True
False
False
False
WPAEnableWPA1
False
False
False
False
False
True
False
True
WPAEnableWPA2
False
False
False
False
False
False
True
True
WPA
False
False
False
False
False
True
True
True
WPAEnablePSK
False
False
False
False
False
True
True
True
WPAEnableTKIP
False
False
False
False
False
True
False
True
WPA2EnableAES_CCMP
False
False
False
False
False
False
True
True
802.1x authentication
disable
disable
disable
disable
disable
enable
enable
enable

Rate

4 / 5 based on 3 votes.

Popular Allied-Telesis Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top