
18 CHAPTER 3: ACCESS POINT SECURITY

them. After successful authentication, the TLS server securely sends the session 
keys to the access point and user data is allowed to pass. EAP-TLS is currently 
supported only under Windows XP.

3Com Serial Authentication

Serial Authentication, a 3Com-proprietary upper layer authentication mechanism,
uses a two-phase process involving both EAP-TLS and EAP-MD5.

In the first phase, the wireless client and the RADIUS EAP-TLS server mutually 
authenticate each other. All clients can authenticate to the TLS server because 
a common certificate is provided during software installation. Successful 
completion of this phase establishes dynamic session keys that protect 
subsequent communication between the wireless client and access point.

In the second phase, the server can securely use EAP-MD5 to authenticate the 
user. Once authenticated, the server informs the access point and data traffic 
from the client is allowed to pass to the wired network.

3Com Serial Authentication also includes optional dynamic session-key renewal, 
which greatly enhances system security. Dynamic key renewal means that, 
following the initial upper layer authentication, the client and the access point 
periodically update the session keys used for encryption. 

3Com’s Serial Authentication method provides obvious advantages. By combining 
encryption key distribution and a secure network authentication, it makes use of 
two complementary authentication schemes. Additionally, the client and the 
access point dynamically update session keys while the network session is in 
progress. Because Serial Authentication is a 3Com proprietary scheme, it must be 
used with the 3Com Wireless LAN PC Card (model 3CRWE62092A) and the 3Com 
Access Point 8000. Serial authentication is supported by the 3Com 802.1x agent 
(described below).
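
The second-phase EAP-MD5 exchange described above, shown from both sides as an added example (it is not 3Com's code or part of the original guide). The packet layout and the MD5(identifier || password || challenge) response follow RFC 3748; carrying the user name in the packet's name field and the `users` map are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

# EAP codes and the MD5-Challenge type number, from RFC 3748.
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4
TYPE_MD5 = 4

def build_packet(code, ident, value, name=b""):
    """Header (code, id, length), then type, value-size, value, name."""
    body = bytes([TYPE_MD5, len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_packet(packet):
    """Return (code, ident, value, name); reject inconsistent lengths."""
    if len(packet) < 6:
        raise ValueError("packet too short")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    size = packet[5]
    if length != len(packet) or packet[4] != TYPE_MD5 or 6 + size > length:
        raise ValueError("malformed MD5-Challenge packet")
    return code, ident, packet[6:6 + size], packet[6 + size:]

def md5_value(ident, password, challenge):
    # Response value is MD5(identifier || password || challenge).
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def server_request(ident):
    """Server side: a fresh random challenge for every attempt."""
    challenge = os.urandom(16)
    return challenge, build_packet(REQUEST, ident, challenge)

def client_response(request, user, password):
    """Client side: prove knowledge of the password without sending it."""
    code, ident, challenge, _ = parse_packet(request)
    if code != REQUEST:
        raise ValueError("expected an EAP Request")
    return build_packet(RESPONSE, ident, md5_value(ident, password, challenge), user)

def server_verify(response, ident, challenge, users):
    """Server side: only the user is authenticated and no key is derived,
    so the scheme above runs this under the keys from the EAP-TLS phase."""
    try:
        code, got_ident, value, name = parse_packet(response)
    except ValueError:
        return FAILURE
    password = users.get(name)  # users: constructed name -> password map
    if code != RESPONSE or got_ident != ident or password is None:
        return FAILURE
    expected = md5_value(ident, password, challenge)
    return SUCCESS if hmac.compare_digest(value, expected) else FAILURE
```

A response is bound to one identifier and one random challenge, so a captured response does not verify against a later challenge.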

Additional Security Configuration Options

If you choose not to use an upper layer authentication scheme, 3Com’s security 
solution also supports the authentication and encryption methods described 
below.

Open Network. The open-network option assumes that neither authentication
nor encryption is required. No security is used.

40-bit Shared Key Encryption. This option is compatible with Wi-Fi certified
equipment from other vendors. Encryption keys must be set up on both the client
and the access point. The network administrator sets up a fixed set of encryption
keys for the wireless network and supplies users with an encryption string or a set
of hexadecimal keys. This option can be used with local access point
authentication or with EAP-MD5 RADIUS authentication.

128-bit Shared Key Encryption. This option is compatible with 128-bit shared
key from most vendors, including 3Com, Agere, and Cisco. The network
administrator sets up encryption keys for the wireless network and supplies users
with an encryption string or hexadecimal keys. You must set up encryption keys on
both the client and access point. This option can be used with local access point
authentication or with EAP-MD5 RADIUS authentication.
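
Because the same hexadecimal keys must be entered on both the client and the access point, a pre-deployment check of the two key sets catches length and mismatch errors. The following is an added example, not part of the original guide or 3Com's software. The key lengths are the standard ones for Wi-Fi shared-key encryption, the function names and sample keys are constructed for illustration, and 3Com's conversion of an encryption string into keys is not covered.

```python
# Secret-key sizes in bytes. The 128-bit mode is a 104-bit secret plus the
# 24-bit per-packet IV; the 40-bit mode is a 40-bit secret plus the same IV.
KEY_BYTES = {"40-bit": 5, "128-bit": 13}

def parse_key(text, mode):
    """Turn a hexadecimal key string into bytes, enforcing the mode's length."""
    cleaned = text.replace(":", "").replace("-", "").replace(" ", "")
    try:
        key = bytes.fromhex(cleaned)
    except ValueError:
        raise ValueError("not valid hexadecimal") from None
    if len(key) != KEY_BYTES[mode]:
        raise ValueError(f"{mode} key needs {2 * KEY_BYTES[mode]} hex digits")
    return key

def audit_key_sets(mode, ap_keys, client_keys):
    """Compare the key sets entered on the access point and on a client."""
    findings, parsed = [], {}
    for side, keys in (("access point", ap_keys), ("client", client_keys)):
        parsed[side] = []
        for slot, text in enumerate(keys, start=1):
            try:
                key = parse_key(text, mode)
            except ValueError as err:
                findings.append(f"{side} key {slot}: {err}")
                key = None
            else:
                # A key made of one repeated byte is a placeholder, not a secret.
                if len(set(key)) == 1:
                    findings.append(f"{side} key {slot}: one repeated byte")
            parsed[side].append(key)
    if len(ap_keys) != len(client_keys):
        findings.append("access point and client hold different numbers of keys")
    pairs = zip(parsed["access point"], parsed["client"])
    for slot, (ap_key, client_key) in enumerate(pairs, start=1):
        if None not in (ap_key, client_key) and ap_key != client_key:
            findings.append(f"key {slot}: access point and client differ")
    return findings

# Constructed sample values, not keys from any real network.
AP_KEYS = ["01:23:45:67:89", "a1b2c3d4e5"]
CLIENT_KEYS = ["0123456789", "a1b2c3d4e6"]
```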

Contents of Wireless LAN 11 Mbps

Page 1: ...http www 3com com http support 3com com registration frontpg pl 11 Mbps Wireless LAN Access Point 8000 User Guide Version 1 1 Published April 2002 Version 1 1 2...
