Configuring WLAN Settings

From a network profile, you can configure WLAN settings for your devices. These settings will be deployed with the profile and applied on the device. The options include:

SSID

This option provides wireless devices with the SSID. The SSID is a service set identifier that only allows communication between devices sharing the same SSID.

Encryption

This option allows you to enable encryption between your devices and the server. You have the following options for encryption:

Use Profile/None. Devices do not encrypt information.

WEP. Wired Equivalent Privacy is an encryption protocol using either a 40- or 128-bit key which is distributed to your devices. When WEP is enabled, a device can only communicate with other devices that share the same WEP key.

Avalanche only tracks the WEP keys that were assigned to devices through the Avalanche Console. Consequently, WEP keys displayed in the Console might not match the keys for a wireless device if you modified them from outside of Avalanche.

WEP Key Rotation. WEP key rotation employs four keys which are automatically rotated at specified intervals. Each time the keys are rotated, one key is replaced by a new, randomly generated key. The keys are also staggered, meaning that the key sent by an infrastructure device is different than the one sent by a mobile device. Because both infrastructure and mobile devices know which keys are authorized, they can communicate securely without using a shared key.

WEP key rotation settings are not recoverable. If the system hosting the Server becomes unavailable (for example, due to a hardware crash), you must re-connect serially to each mobile device to ensure that WEP key settings are correctly synchronized.

WPA (TKIP). WPA, or Wi-Fi Protected Access, uses Temporal Key Integrity Protocol (TKIP) to encrypt information and change the encryption keys as the system is used. WPA uses a larger key and a message integrity check to make the encryption more secure than WEP. In addition, WPA is designed to shut down the network for 60 seconds when an attempt to break the encryption is detected. WPA is available only on some hardware types.

WPA2 (AES). WPA2 is similar to WPA but meets even higher standards for encryption security. In WPA2, encryption, key management, and message integrity are handled by CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) instead of TKIP. WPA2 is available only on some hardware types.

WPA2 Mixed Mode. WPA2 Mixed Mode allows you to use either AES or TKIP encryption, depending on what the device supports.

Custom Properties

This option allows you to add custom properties to the devices that receive this network profile. By clicking Edit/View, you can add, edit, and delete properties and their values.

Authentication Settings

The authentication types available depend on the encryption you select and what is supported by your Enabler and hardware. Authentication options include:

EAP. Extensible Authentication Protocol. Avalanche supports five different EAP methods:

PEAP/MS-CHAPv2. (Protected Extensible Authentication Protocol combined with Microsoft Challenge Handshake Authentication Protocol) PEAP/MS‑CHAPv2 is available when you are using encryption. It uses a public key certificate to establish a Transport Layer Security tunnel between the client and the authentication server.

PEAP/GTC. (Protected Extensible Authentication Protocol with Generic Token Card) PEAP/GTC is available when you are using encryption. It is similar to PEAP/MS‑CHAPv2, but uses Generic Token Card as the inner authentication protocol instead of MS-CHAPv2.

EAP_FAST/MS-CHAPv2. (Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling combined with MS‑CHAPv2) EAP‑FAST uses protected access credentials and optional certificates to establish a Transport Layer Security tunnel.

EAP_FAST/GTC. (Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling with Generic Token Card) EAP‑FAST uses protected access credentials and optional certificates to establish a Transport Layer Security tunnel.

TTLS/MS‑CHAPv2. (Tunneled Transport Layer Security with MS‑CHAPv2) TTLS uses public key infrastructure certificates (only on the server) to establish a Transport Layer Security tunnel.

Pre-Shared Key (PSK). PSK does not require an authentication server. A preset authentication key (either an 8-63 character pass phrase or a 64 character hex key) is shared with the devices on your network and allows them to communicate with each other.

LEAP. (Lightweight Extensible Authentication Protocol) LEAP requires both client and server to authenticate and then creates a dynamic WEP key.

To configure WLAN settings:

1   From the Profiles tab, select the profile from the Profile List.
2   Click Edit.
3   In the Network Profile tab, enable the Manage WLAN option.
4   In the Scheduled Settings region, select the date and time you want the settings to take effect from the drop-down list.
    If you would like to add another start time for different settings to the list, click Add and select the date and time you want it to begin.
    If you want to add another start time using the settings currently configured, click Clone.
    If you want to change the currently selected start time, click Edit.
5   Select the WLAN Settings tab.
6   Configure the WLAN settings as desired.
    If you select WEP keys, select either 40 Bit or 128 Bit key size and create the keys. The keys you enter must be in hex format. A 40-bit key should have 10 characters and a 128-bit key should have 26 characters. To change the value for one of the hex digits in a key, type a new value (using 0-9 and A-F) in the appropriate text box. An example of a 40-bit key would be: 5D43AB290F.
    If you select WEP key rotation, click the Settings button to configure the encryption algorithm, starting date and time, rotation interval, and a pass code.
    If you select PEAP or TTLS authentication, enable Validate Server Certificate to provide a path to the server certificate.
    If you select EAP_FAST, provide a path and a password to a PAC (Protected Access Credential). This will provision devices with the PAC file.
    If you select an EAP method or LEAP, configure whether the User Credentials are Prompt (user is prompted when credentials are required) or Fixed (credentials are automatically sent when required).

Note:   The availability of authentication settings is dependent on what encryption method you have selected.

7   Save your changes.
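
The key formats given above for Pre-Shared Key (an 8-63 character pass phrase or a 64 character hex key) and for WEP keys in step 6 can be checked before a profile is deployed. The following Python sketch is an added example, not Wavelink code: the function names are hypothetical, and the pass-phrase-to-key mapping (PBKDF2-HMAC-SHA1 salted with the SSID, 4096 iterations) and the printable-ASCII rule come from IEEE 802.11i, not from this page.

```python
import hashlib
import re

HEX_RE = re.compile(r"[0-9A-Fa-f]+")

# Hex-digit counts this page gives for each WEP key size. 26 hex digits are
# 104 bits: the "128-bit" label counts WEP's 24-bit per-packet IV, while the
# "40-bit" label does not.
WEP_HEX_LENGTHS = {40: 10, 128: 26}


def validate_wep_key(key: str, bits: int) -> bytes:
    """Return the raw WEP key bytes, or raise ValueError on a bad format."""
    expected = WEP_HEX_LENGTHS.get(bits)
    if expected is None:
        raise ValueError(f"unsupported WEP key size: {bits}")
    if len(key) != expected or not HEX_RE.fullmatch(key):
        raise ValueError(f"{bits}-bit WEP key must be {expected} hex digits")
    return bytes.fromhex(key)


def normalize_psk(value: str, ssid: str) -> bytes:
    """Return the 256-bit PSK for a pass phrase or a 64-digit hex key."""
    if len(value) == 64:
        # 64 characters can only be the hex form; it is used as-is.
        if not HEX_RE.fullmatch(value):
            raise ValueError("64-character PSK must be hex")
        return bytes.fromhex(value)
    if not 8 <= len(value) <= 63:
        raise ValueError("pass phrase must be 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in value):
        raise ValueError("pass phrase must be printable ASCII")
    # IEEE 802.11i mapping (assumption, not stated on this page):
    # PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output.
    return hashlib.pbkdf2_hmac(
        "sha1", value.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


if __name__ == "__main__":
    # Example 40-bit key taken from step 6 of this page.
    print(validate_wep_key("5D43AB290F", 40).hex())
    # Constructed sample values: one pass phrase, two SSIDs, two different keys.
    for ssid in ("WAREHOUSE-A", "WAREHOUSE-B"):
        print(ssid, normalize_psk("constructed sample phrase", ssid).hex())
```

Because the SSID is the salt, changing the SSID in a profile changes the key derived from a pass phrase, while a 64 character hex key is used unchanged.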

© 2012 Wavelink Corporation. All Rights Reserved.