Dell PowerConnect W Clearpass 100 Software Podręcznik Użytkownika Strona 120
- Strona / 296
- Spis treści
- ROZWIĄZYWANIE PROBLEMÓW
- BOOKMARKI
Oceniono. / 5. Na podstawie oceny klientów
120120 | Authentication
Dell PowerConnect W-Series Aruba Instant 6.2.1.0-3.3 | User Guide
l EAP-PEAP (MSCHAPv2)— EAP-PEAP is an 802.1X authentication method that uses server-side public key
certificates to authenticate clients with server. The PEAP authentication creates an encrypted SSL / TLS tunnel
between the client and the authentication server. Exchange of information is encrypted and stored in the tunnel
ensuring the user credentials are kept secure.
l LEAP— Lightweight Extensible Authentication Protocol (LEAP) uses dynamic WEP keys for authentication
between the client and authentication server.
To use OAW-IAP’s internal database for user authentication, add the names and passwords of the users to be
authenticated.
Alcatel-Lucent does not recommend the use of LEAP authentication method, because it does not provide
any resistance to network attacks.
Authentication Termination on OAW-IAP
AOS-W Instant allows Extensible Authentication Protocol (EAP) termination for Protected Extensible Authentication
Protocol (PEAP)-Generic Token Card (PEAP-GTC) and Protected Extensible Authentication Protocol-Microsoft
Challenge Authentication Protocol version 2 (PEAP-MSCHAV2). PEAP-GTC termination allows authorization
against an Lightweight Directory Access Protocol (LDAP) server and external RADIUS server while PEAP-
MSCHAV2 allows authorization against an external RADIUS server.
This allows the users to run PEAP-GTC termination with their username and password to a local Microsoft Active
Directory server with LDAP authentication.
l EAP-Generic Token Card (GTC)— This EAP method permits the transfer of unencrypted usernames and
passwords from client to server. The main uses for EAP-GTC are one-time token cards such as SecureID and
the use of LDAP or RADIUS as the user authentication server. You can also enable caching of user credentials
on the OAW-IAP to an external authentication server for user data backup.
l EAP-Microsoft Challenge Authentication Protocol version 2 (MS-CHAPv2)— This EAP method is widely
supported by Microsoft clients. A RADIUS server must be used as the back-end authentication server.
Understanding Encryption Types
Encryption is the process of converting data into a cryptic format or code when it is transmitted on a network.
Encryption prevents unauthorized use of the data.
Instant supports the following types of encryption:
l WEP —Wired Equivalent Privacy (WEP) is an authentication method where all users share the same key. WEP
is not secure as other encryption types such as TKIP.
l TKIP —Temporal Key Integrity Protocol (TKIP) uses the same encryption algorithm as WEP. However, TKIP is
more secure and has an additional message integrity check (MIC).
l AES — The Advanced Encryption Standard (AES) encryption algorithm a widely supported encryption type for all
wireless networks that contain any confidential data. AES in Wi-Fi leverages 802.1X or PSKs to generate per
station keys for all devices. AES provides a high level of security like IP Security (IPsec) clients.
WEP and TKIP are limited to WLAN connection speed of 54 Mbps. The 802.11n connection supports
only AES encryption. Alcatel-Lucent recommends AESencryption. Ensure that all devices that do not
support AES are upgraded or replaced with the devices that support AES encryption.
WPA and WPA2
WPA is created based on a draft of 802.11i, which allowed users to create more secure WLANs. WPA2
encompasses the full implementation of the 802.11i standard. WPA2 is a superset that encompasses the full WPA
- AOS-W Instant 1
- 6.2.1.0-3.3 1
- User Guide 1
- Contents 3
- Mesh OAW-IAP Configuration 75 6
- Wireless Network Profiles 79 7
- Uplink Configuration 95 8
- Wired Profiles 109 8
- Authentication 117 9
- 1010 10
- Roles and Policies 155 12
- Spectrum Monitor 183 14
- Adaptive Radio Management 191 15
- Intrusion Detection 201 15
- Content Filtering 209 15
- DHCP Configuration 213 16
- VPN Configuration 221 16
- IAP-VPN Configuration 225 16
- AirGroup Configuration 241 17
- Hotspot Profiles 251 18
- OAW-IAP Management 263 19
- Regulatory Domain 281 20
- ClearPass Guest Setup 286 20
- Terminology 291 20
- Related Documents 21
- Conventions 21
- Intended Audience 21
- Contacting Support 22
- AOS-W Instant Overview 23
- AOS-W Instant UI 24
- AOS-W Instant CLI 24
- New Features in 6.2.1.0-3.3 25
- Setting up Instant Network 27
- Assigning a Static IP 28
- OAW-IAP Cluster 28
- 9600 8 None 1 None 29
- Accessing the Instant CLI 30
- Sequence-Sensitive Commands 32
- Chapter 6 33
- AOS-W Instant User Interface 33
- Networks Tab 34
- Access Points Tab 34
- Clients Tab 35
- New Version Available 35
- Security 38
- Maintenance 39
- Figure 8 VPN - Default View 41
- Monitoring 44
- RF Dashboard Icons 46
- Icon Name Description 47
- RF Trends 47
- Figure 16 Signal Graph 47
- Spectrum 53
- Types of Alerts 54
- Alerts List 55
- Configuration 57
- AirGroup 57
- Language 58
- OmniVista 3600 Setup 58
- Pause/Resume 58
- 0511361-01 60
- Chapter 7 61
- Modifying the OAW-IAP Name 62
- Configuring External Antenna 63
- Upgrading an OAW-IAP 64
- Upgrading an Image Using CLI 66
- Enabling Terminal Access 67
- Enabling Auto Join Mode 67
- Configuring a Preferred Band 68
- Configuring an NTP Server 70
- 0511361-01 72
- Virtual Controller Overview 73
- Mesh Network Overview 75
- Mesh Points 76
- 0511361-01 78
- Chapter 10 79
- Wireless Network Profiles 79
- VLAN Pooling 83
- Enabling the Extended SSID 93
- Editing a WLAN SSID Profile 94
- Deleting a WLAN SSID Profile 94
- Chapter 11 95
- Uplink Configuration 95
- Ethernet Uplink 96
- 3G/4G Uplink 97
- List of Supported 3G Modems 98
- Configuring Uplinks 99
- In the Instant UI 100
- In the CLI 100
- 102102 102
- Enforcing Uplinks 104
- Setting an Uplink Priority 104
- Enabling Uplink Preemption 105
- 106106 106
- 0511361-01 108
- Configuring a Wired Profile 109
- 112112 112
- Deleting a Wired Profile 116
- Editing a Wired Profile 116
- Chapter 13 117
- Authentication 117
- 118118 118
- External RADIUS Server 119
- Internal RADIUS Server 119
- WPA and WPA2 120
- WPA and WPA2 Features 121
- Access-Accept 121
- 122122 122
- Parameter Description 125
- Table 20: 125
- Management Interface 127
- Configuring Users 129
- 136136 136
- 140140 140
- RADIUS Services 141
- Field Description 143
- Table 23: 143
- Blacklisting Clients 148
- Blacklisting Clients Manually 149
- Uploading Certificates 150
- 152152 152
- OAW-IAP 153
- 0511361-01 154
- Chapter 14 155
- Roles and Policies 155
- Service Description 156
- Destination Options 157
- Configuring Access Rules 158
- Configuring Source NAT 159
- Examples for Access Rules 160
- Configuring ALG Protocols 162
- Configuring User Roles 165
- MAC-Address Attribute 167
- 802.1X-Authentication-Type 167
- Understanding VLAN Assignment 168
- Supported VSAs 170
- 172172 172
- VLAN Derivation Rule 173
- User Role 173
- VLANs Created for an SSID 174
- Creating a User VLAN Role 175
- 176176 176
- 4. Click OK 177
- 0511361-01 178
- Layer-3 Mobility Overview 179
- Configuring L3-Mobility 180
- 0511361-01 182
- Understanding Spectrum Data 183
- Non Wi-Fi Interferers 184
- Non Wi-Fi Interferer Types 185
- Channel Details 186
- Channel Metrics 187
- Spectrum Alerts 188
- ARM Overview 191
- Airtime Fairness Mode 192
- ARM Metrics 193
- To view ARM configuration: 196
- 0511361-01 200
- OS Fingerprinting 201
- 202202 202
- Table 38: 203
- Client Detection Policies 204
- Client Protection Policies 205
- Configuring IDSUsing CLI 206
- 0511361-01 208
- Content Filtering 209
- Enabling Content Filtering 209
- 0511361-01 212
- Chapter 20 213
- DHCP Configuration 213
- Configuring DHCP Scopes 214
- Name Description 215
- Table 42: 215
- DHCP Relay and Option 82 218
- Understanding VPN Features 221
- Configuring Routing Profiles 223
- Overview 225
- VPN Configuration 226
- Viewing Branch Status 227
- IAP Table Parameters 228
- OmniVista 3600 Features 229
- Trending Reports 230
- Intrusion Detection System 230
- Configuring OmniVista 3600 231
- Shared Key 238
- 6. Click OK 239
- 0511361-01 240
- AirGroup Overview 241
- AirGroup with Instant 242
- AirGroup Solution 243
- AirGroup Features 244
- AirGroup Components 245
- To configure AirGroup Service 247
- AirGroup RADIUS client 247
- Creating a RADIUS Server 248
- Assign a Server to AirGroup 248
- Configuring RTLS 249
- To configure Aeroscout RTLS 250
- Chapter 26 251
- Hotspot Profiles 251
- Access Network Types 252
- NAI Realm List 253
- Venue types 253
- 254254 254
- 256256 256
- Configuring a 3GPP Profile 258
- Configuring a Domain Profile 258
- Configuring H2QP Profiles 258
- Configuring a Hotspot Profile 260
- Table 48: 261
- 262262 262
- Configuring LED Display 263
- Restoring Configuration 264
- 266266 266
- Rebooting the OAW-IAP 268
- 0511361-01 270
- Configuring SNMP 271
- Configuring SNMP Traps 274
- Configuring TFTP Dump Server 274
- Configuring a Syslog Server 275
- Viewing Logs 276
- Support Commands 277
- Country Codes List 281
- Code Country Name 282
- ClearPass Guest Setup 286
- Troubleshooting 290
- Acronyms and Abbreviations 291
- List of abbreviations 292
- Glossary 293
- List of Terms 294
Powiązane produkty i podręczniki dla Oprogramowanie Dell PowerConnect W Clearpass 100 Software
(378 strony)
(15 strony)© 2020, manymanuals.pl. Wszelkie prawa zastrzeżone. | 0.045 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentarze do niniejszej Instrukcji