H3c-technologies H3C WA3600 Series Access Points Manuel d'utilisateur Page 272
- Page / 447
- Table des matières
- DEPANNAGE
- MARQUE LIVRES
Noté. / 5. Basé sur avis des utilisateurs
259
• Receiving a data frame from a client which is unauthenticated.
• Receiving a PS-poll frame from a client which is unauthenticated.
2. Dissociation
A dissociation frame can be sent by an AP or a wireless client to break the current wireless link. In the
wireless system, dissociation can occur due to many reasons, such as:
• Receiving a data frame from a client which is authenticated and unassociated.
• Receiving a PS-Poll frame from a client which is authenticated and unassociated.
WLAN data security
Compared with wired networks, WLAN networks are more susceptible to attacks because all WLAN
devices share the same medium and thus every device can receive data from any other sending device.
If no security service is provided, plain-text data is transmitted over the WLAN.
To secure data transmission, 802.11 protocols provide some encryption methods to ensure that devices
without the right key cannot read encrypted data.
1. WEP encryption
Wired Equivalent Privacy (WEP) was developed to protect data exchanged among authorized users in
a wireless LAN from casual eavesdropping. WEP uses RC4 encryption for confidentiality. WEP
encryption falls into static and dynamic encryption according to how a WEP key is generated.
• Static WEP encryption
With Static WEP encryption, all clients using the same SSID must use the same encryption key. If the
encryption key is deciphered or lost, attackers get all encrypted data. In addition, periodical manual key
update brings great management workload.
• Dynamic WEP encryption
Dynamic WEP encryption is a great improvement over static WEP encryption. With dynamic WEP
encryption, WEP keys are negotiated between client and server through the 802.1X protocol so that each
client is assigned a different WEP key, which can be updated periodically to further improve unicast
frame transmission security.
Although WEP encryption increases the difficulty of network interception and session hijacking, it still has
weaknesses due to limitations of RC4 encryption algorithm and static key configuration.
2. TKIP encryption
Temporal key integrity Protocol (TKIP) and WEP both use the RC4 algorithm, but TKIP has many
advantages over WEP, and provides more secure protection for WLAN as follows:
• First, TKIP provides longer IVs to enhance encryption security. Compared with WEP encryption, TKIP
encryption uses 128–bit RC4 encryption algorithm, and increases the length of IVs from 24 bits to
48 bits.
• Second, TKIP allows for dynamic key negotiation to avoid static key configuration. TKIP replaces a
single static key with a base key generated by an authentication server. TKIP dynamic keys cannot
be easily deciphered.
• Third, TKIP offers Message Integrity Check (MIC) and countermeasures. If a packet fails the MIC,
the data may be tampered, and the system may be attacked. If two packets fail the MIC in a certain
period, the AP automatically takes countermeasures. It does not provide services in a certain period
to prevent attacks.
3. CCMP encryption
- H3C WA Series Access Points 1
- Preface 3
- Symbols 4
- Network topology icons 4
- Obtaining documentation 5
- Technical support 5
- Documentation feedback 5
- Contents 6
- Feature matrix 14
- Table 2 Feature matrix 15
- Module Feature WA2600 series 15
- WA3600 series 15
- Quick Start 16
- Admin configuration 17
- IP configuration 18
- Wireless configuration 19
- RADIUS configuration 20
- Encryption configuration 22
- Configuration summary 25
- Summary 33
- Device info 34
- System resource state 34
- Device interface information 34
- Displaying WLAN service 35
- Displaying radio 39
- Displaying WDS 42
- Displaying client 43
- Configuring system name 48
- 4. Click Apply 49
- Software upgrade 50
- Diagnostic information 52
- System time configuration 54
- Configuring the system time 55
- Log management configuration 56
- Setting the log host 57
- Loghost IP/Domain 58
- Configuration management 60
- Saving configuration 61
- Initializing configuration 62
- Displaying file list 63
- Downloading a file 63
- Uploading a file 64
- Removing a file 64
- Creating an interface 67
- TR-069 configuration 76
- Creating a user 79
- Setting the super password 80
- SNMP configuration 82
- Enabling SNMP 84
- Configuring an SNMP view 85
- Adding rules to an SNMP view 87
- Configuring an SNMP group 88
- Configuring an SNMP user 90
- SNMP configuration example 94
- Configuring the NMS 99
- Loopback configuration 100
- Configuration guidelines 101
- MAC address configuration 102
- Network requirements 105
- VLAN configuration 107
- Creating a VLAN 108
- Modifying a VLAN 108
- Modifying a port 109
- VLAN configuration example 111
- ARP configuration 114
- Creating a static ARP entry 115
- Removing ARP entries 116
- Configuring gratuitous ARP 116
- Configuration procedure 117
- IGMP snooping configuration 118
- Configuring Router A 124
- Configuring AP 124
- Verifying the configuration 125
- Overview 127
- Configuration outlines 132
- DHCP overview 137
- Enabling DHCP 138
- DHCP client 143
- DHCP server 143
- DNS configuration 146
- Adding a DNS server address 148
- Adding a domain name suffix 149
- Clearing dynamic DNS cache 149
- DNS configuration example 149
- DNS server 150
- DNS client 150
- Configuring the AP 152
- Configuring PPPoE client 154
- Configuring the PPPoE client 159
- Configuring the PPPoE server 159
- Service management 161
- Item Descri 163
- Diagnostic tools 164
- Ping operation 165
- IPv6 ping operation 166
- Trace route operation 168
- Web overview 170
- (1) Navi 171
- Web user level 172
- Common buttons and icons 180
- Content display by pages 180
- Searching function 181
- Sorting function 183
- Troubleshooting web browser 185
- Radio configuration 188
- Configuring 802.11n MCS 193
- Configuring 802.11n rates 195
- Configuring calibration 196
- Parameter setting 197
- Configuring channel scanning 199
- Displaying detection record 203
- Displaying history record 204
- Antenna 205
- AAA configuration 206
- Configuring AAA 207
- AAA configuration example 213
- <AP> system-view 216
- [AP] telnet server enable 216
- [AP] user-interface vty 0 4 216
- [AP-ui-vty0-4] quit 216
- HWTACACS configuration 232
- Configuring HWTACACS servers 233
- interval (in minutes) 243
- User configuration 244
- Configuring a user group 247
- Configuring a guest 248
- Certificate management 251
- Creating a PKI entity 254
- Creating a PKI domain 255
- Generating an RSA key pair 258
- Destroying the RSA key pair 259
- PKI configuration example 262
- Configuring the CA server 263
- Wireless service 268
- Scanning 269
- Authentication 270
- Association 271
- Other related procedures 271
- WLAN data security 272
- Client access authentication 273
- Introduction to WDS 275
- Mesh bridge connection 276
- Repeater mode overview 277
- LAN Segment 278
- Configuring wireless service 279
- Enabling a wireless service 297
- Enabling a radio 297
- Configuring WDS service 298
- Configuring global WDS 302
- Enabling WDS service 303
- Enabling the client mode 304
- Method 1 305
- Displaying statistics 306
- L2 switch 312
- Configuring the client 314
- WDS configuration examples 350
- Configuring the repeater 354
- Configuring ACL and QoS 362
- Configuring an ACL 363
- Adding a time range 364
- Adding an IPv4 ACL 365
- Item Descri 368
- Adding an IPv6 ACL 373
- Configuring priority mapping 378
- Configuring a QoS policy 380
- Adding a class 381
- Adding a traffic behavior 385
- Adding a policy 389
- Applying a policy to a port 390
- Configuring wireless QoS 403
- WMM protocol overview 404
- Enabling wireless QoS 405
- Setting the SVP service 406
- Setting CAC admission policy 407
- Displaying radio statistics 410
- Displaying client statistics 412
- Setting rate limiting 413
- Setting guaranteed bandwidth 415
- Enabling bandwidth guarantee 416
- Advanced settings 424
- Uplink interface 425
- L2 Switch 425
- Setting a district code 426
- Configuring band navigation 430
- WLAN security configuration 438
- Configuring WIDS 439
- Configuring static blacklist 442
- Configuring white list 442
- User isolation 444
© 2020, manymanuals.fr. Tous droits réservés | 0.454 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels