102
6.0 Summit Radio
Element
Description
Profile
The active profile.
Status
Indicates the current status of the Summit radio. Potential
values include:
Down
The radio is not recognized by Summit
software, possibly because the radio is not
installed properly.
Disabled
The radio has been disabled because
Disable
Radio
on the SCU Main window has been
tapped. To enable the radio, tap
Enable Radio
on the SCU Main window.
Not As-
sociated
The radio is not associated to an AP, possibly
because no AP for the active profile is in range.
Associ-
ated
The radio is associated to an AP. If the radio is
not sending or receiving from the AP, then:
• If WEP is being used, then one of the WEP
keys in the active profile is invalid.
• If WPA-PSK or WPA2-PSK is being used,
then the PSK or password is invalid.
• If WPA-Enterprise or WPA2-Enterprise is be
-
ing used, then the radio did not complete EAP
authentication successfully.
<EAP
type>
Authenti-
cated
The radio is associated to an AP and has
completed EAP authentication successfully.
Device
Information
•
Client name, if defined in active profile
•
IP address
•
MAC address
6.1.2.7 Encryption
6.1.2.7.1
Cisco TKIP
If the active profile has an Encryption setting of CKIP or CKIP EAP, then
the Summit radio will associate or roam successfully to an AP is config-
ured with:
• The SSID and other RF settings of the active profile
• The authentication method of the active profile
• For WEP, the static WEP keys of the active profile
• Any of the following encryption settings:
– WEP only (no CKIP or CMIC)
– WEP with CKIP
– WEP with CMIC
– WEP with CKIP and CMIC
6.1.2.7.2
WPA Migration Mode and WPA2 Mixed Mode
Summit radios support two special AP settings: WPA Migration Mode
and WPA2 Mixed Mode. WPA Migration Mode is a setting on Cisco
APs that enables both WPA and non-WPA clients to associate to an AP
using the same SSID, provided that the AP is configured for Migration
Mode (WPA optional with TKIP+WEP128 or TKIP+WEP40 cipher). In
other words, WPA Migration Mode means WPA key management with
TKIP for the pairwise cipher and TKIP, 128-bit WEP, or 40-bit WEP for
the group cipher. When WPA Migration Mode in use, you can select
WPA TKIP or WEP EAP for your Summit radio encryption type.
WPA2 Mixed Mode operation enables both WPA and WPA2 clients to
associate to an AP using the same SSID. WPA2 Mixed Mode is defined
by the Wi-Fi Alliance, and support for the feature is a part of Wi-Fi
certification testing. When WPA2 Mixed Mode is configured, the AP
advertises the encryption ciphers (TKIP, CCMP, other) that are avail-
able for use, and the client selects the encryption cipher it wants to use.
In other words, WPA Mixed Mode means WPA key management with
AES for the pairwise cipher and AES or TKIP for the group cipher.
When WPA2 Mixed Mode in use, you can select WPA2 AES or WPA
TKIP for your Summit radio encryption type.
6.1.2.8 ThirdPartyConfig
If the profile named
ThirdPartyConfig
is selected as the active pro-
file, then SCU works in tandem with WZC or another third-party appli-
cation for configuration of all radio and security settings for the radio.
The third-party application must be used to define the SSID, Auth Type,
EAP Type, and Encryption settings. SCU can be used to define the Cli-
ent Name, Power Save, Tx Power, Bit Rate, and Radio Mode settings.
Those SCU profile settings, all SCU global settings, and the third-party
application settings are applied to the radio when ThirdPartyConfig is
selected as the active profile and a power cycle is performed.
On some devices that run Pocket PC or Windows Mobile, the radio will
not associate if WPA with pre-shared keys, or WPA-PSK, is used with
WZC. If that is the case for your device, then to use WPA-PSK you must
use an SCU profile other than ThirdPartyConfig.
6.1.2.9 EAP-FAST
The 802.1X authentication types
PEAP
and
EAP-FAST
use a client-
server security architecture that encrypts EAP transactions within a
TLS tunnel.
PEAP
relies on the provisioning and distribution of a digital
certificate for the authentication server. With
EAP-FAST
, tunnel estab-
lishment is based upon strong shared-secret keys that are unique to us-
ers. These secrets are called protected access credentials (PACs) and can
be created automatically or manually. With automatic or in-band pro-
visioning, the PAC is created and distributed to the client device in one
operation. With manual or out-of-band provisioning, the PAC is created
in one step and then must be distributed to the client device separately.
SCU supports PACs created automatically or manually. When you cre-
ate a PAC manually, you must load it to the certs directory on the device
that runs SCU. Be sure that the PAC file does not have read-only permis-
sions set, or SCU will not be able to use the PAC.
Note:
If you enter a PAC filename in the SCU field, manual provision-
ing is used. If you omit the PAC filename, automatic provision-
ing is used.
6.1.3
Status Window
The Status window provides status information on the radio. A sample
Status window is shown below: