Cisco WAP351 Wireless-N Dual Radio Access Point with 5-Port Switch Maintenance Manual

Wireless
WPS Setup
Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE
As with the PBC method, if the WAP device begins the enrollment transaction and 
no client attempts to enroll after 120 seconds, the WAP device terminates the 
pending transaction.
Optional Use of Built-In Registrar
Although the WAP device supports a built-in registrar for WPS, its use is optional. 
After an external registrar has configured the WAP device, the WAP device acts as 
a proxy for that external registrar, regardless of whether the built-in registrar 
of the WAP device is enabled (it is enabled by default). 
Lockdown Capability
Each WAP device stores a WPS-compatible device PIN in nonvolatile RAM. WPS 
requires this PIN if an administrator wants to allow an unconfigured WAP device 
(that is, one with only factory defaults, including WPS being enabled on a VAP) to 
join a network. In this scenario, the administrator obtains the PIN value from the 
configuration utility of the WAP device.
The administrator may wish to change the PIN if network integrity has been 
compromised in some way. The WAP device provides a method for generating a 
new PIN and storing this value in NVRAM. If the value in NVRAM is corrupted, 
erased, or missing, a new PIN is generated by the WAP device and stored in 
NVRAM. 
The PIN method of enrollment is potentially vulnerable to brute-force 
attacks. A network intruder could try to pose as an external registrar on the 
wireless LAN and attempt to derive the PIN value of the WAP device by 
exhaustively applying WPS-compliant PINs. To address this vulnerability, in the 
event that a registrar fails to supply a correct PIN in three attempts within 60 
seconds, the WAP device prohibits any further attempts by an external registrar to 
register with the WAP device on the WPS-enabled VAP for 60 seconds. The 
lockdown duration increases upon subsequent failures, up to a maximum of 64 
minutes. The WAP device's registration functionality goes into permanent 
lockdown after the 10th consecutive failed attempt. Reset the device to restart the 
registration functionality.
However, wireless client stations may enroll with the WAP device's built-in 
registrar, if enabled, during this lockdown period. The WAP device also continues 
to provide proxy services for enrollment requests to external registrars.
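The lockdown rules above, modelled as a small state machine for reasoning about what the device will accept and when. This is an added example, not Cisco firmware code: the class and method names are hypothetical, and because the manual does not give the growth schedule, doubling each lockdown, clearing the counters on a correct PIN, and not counting attempts refused during lockdown are assumptions.

```python
from collections import deque

WINDOW_S = 60           # manual: three failed PINs within 60 seconds
FAILS_PER_WINDOW = 3
BASE_LOCK_S = 60        # manual: first lockdown lasts 60 seconds
MAX_LOCK_S = 64 * 60    # manual: lockdown grows to at most 64 minutes
PERMANENT_AFTER = 10    # manual: permanent after 10th consecutive failure


class WpsPinLockdown:
    """Hypothetical model of the external-registrar PIN lockdown only.

    Built-in registrar enrollment and proxying are unaffected by lockdown,
    per the manual, so they are not modelled here.
    """

    def __init__(self):
        self.recent = deque()       # failure times inside the 60 s window
        self.consecutive = 0        # failures since the last correct PIN
        self.lock_s = BASE_LOCK_S   # duration of the next lockdown
        self.locked_until = 0.0
        self.permanent = False

    def state(self, now):
        if self.permanent:
            return "permanent"
        return "locked" if now < self.locked_until else "open"

    def attempt(self, now, pin_ok):
        """Process one PIN attempt at time `now` (seconds); return the state."""
        if self.state(now) != "open":
            return self.state(now)  # assumption: refused attempts are not counted
        if pin_ok:                  # assumption: a correct PIN clears all counters
            self.recent.clear()
            self.consecutive, self.lock_s = 0, BASE_LOCK_S
            return "open"
        self.consecutive += 1
        if self.consecutive >= PERMANENT_AFTER:
            self.permanent = True   # only a device reset clears this
            return "permanent"
        self.recent.append(now)
        while now - self.recent[0] >= WINDOW_S:
            self.recent.popleft()   # drop failures older than the window
        if len(self.recent) >= FAILS_PER_WINDOW:
            self.locked_until = now + self.lock_s
            self.lock_s = min(self.lock_s * 2, MAX_LOCK_S)  # assumption: doubling
            self.recent.clear()
        return self.state(now)
```
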
The WAP device has an additional security feature for protecting its device PIN. 
After the WAP device has completed registration with an external registrar, and 
the resulting WPS transaction has concluded, the device PIN is automatically 
regenerated.