3Com WX1200 3CRWX120695A User Manual

CHAPTER 21: CONFIGURING AAA FOR NETWORK USERS
Assigning Encryption Types to Wireless Users
When a user turns on a wireless laptop or PDA, the device attempts to 
find an access point and form an association with it. Because MAPs 
support the encryption of wireless traffic, clients can choose an 
encryption type to use. You can configure MAPs to use the encryption 
algorithms supported by the Wi-Fi Protected Access (WPA) security 
enhancement to the IEEE 802.11 wireless standard. (For details, see 
Chapter 13, “Configuring User Encryption,” on page 281.)
If you have configured MAPs to use specific encryption algorithms, you 
can enforce the type of encryption a user or group must have to access 
the network. When you assign the Encryption-Type attribute to a user or 
group, the encryption type or types are entered as an authorization 
attribute into the user or group record in the local WX database or on the 
RADIUS server. Encryption-Type is a 3Com vendor-specific attribute 
(VSA). 
Clients who attempt to use an unauthorized encryption method are 
rejected.
Assigning and Clearing Encryption Types Locally
To restrict wireless users or groups with user profiles in the local WX 
database to particular encryption algorithms for accessing the network, 
use one of the following commands:
set user username attr encryption-type value
set usergroup groupname attr encryption-type value
set mac-user username attr encryption-type value
set mac-usergroup groupname attr encryption-type value
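The following audit sketch is an added example, not part of the 3Com manual or of MSS. It reads configuration lines in the form of the four commands above and reports every local user or group record that is not restricted to AES_CCM, using only the Encryption-Type values this page lists in Table 45 (1, 2 and 4). The sample configuration, the names in it and the vlan-name lines are constructed for illustration.

```python
import re

# Values listed on this page (Table 45); any other value is reported for review.
KNOWN = {1: "AES_CCM", 2: "reserved", 4: "TKIP"}
KINDS = r"(user|usergroup|mac-user|mac-usergroup)"

# The four local-database commands shown above.
ENC_RE = re.compile(rf"^set\s+{KINDS}\s+(\S+)\s+attr\s+encryption-type\s+(\S+)\s*$")
# Assumption: any "set <kind> <name> ..." line means the record exists.
REC_RE = re.compile(rf"^set\s+{KINDS}\s+(\S+)")


def audit(config_text):
    """Return {(kind, name): finding} for records not pinned to AES_CCM."""
    records = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        rec = REC_RE.match(line)
        if not rec:
            continue
        key = (rec.group(1), rec.group(2))
        records.setdefault(key, None)
        enc = ENC_RE.match(line)
        if enc:
            records[key] = enc.group(3)
    findings = {}
    for key, value in records.items():
        if value is None:
            findings[key] = "no encryption-type attribute set on this record"
        elif not value.isdigit() or int(value) not in KNOWN:
            findings[key] = f"value {value} is not one of the listed values: review"
        elif int(value) != 1:
            findings[key] = f"allows {KNOWN[int(value)]} (value {value})"
    return findings


# Constructed sample configuration, not taken from a real WX switch.
SAMPLE = """\
set user alice attr vlan-name red
set user alice attr encryption-type 1
set user bob attr encryption-type 4
set usergroup guests attr vlan-name guest
set mac-user 00:11:22:33:44:55 attr encryption-type 5
"""

if __name__ == "__main__":
    for (kind, name), finding in sorted(audit(SAMPLE).items()):
        print(f"{kind} {name}: {finding}")
```

A record flagged as having no attribute may still be covered by its group's setting, so check the group record before treating it as unrestricted.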
MSS supports the values for Encryption-Type shown in Table 45. The 
values are listed from most secure to least secure. (For user encryption 
details, see Chapter 13, “Configuring User Encryption,” on page 281.) 
Table 45   Encryption Type Values and Associated Algorithms

Encryption-Type Value   Encryption Algorithm Assigned
1                       Advanced Encryption Standard using Counter with Cipher Block Chaining Message Authentication Code (CBC-MAC) — or AES_CCM.
2                       Reserved.
4                       Temporal Key Integrity Protocol (TKIP).