© 2012 Wavelink Corporation. All Rights Reserved.
From a network profile, you can configure WLAN settings for your devices. These settings will be deployed with the profile and applied on the device. The options include:
|
SSID |
This option provides wireless devices with the SSID. The SSID is a service set identifier that only allows communication between devices sharing the same SSID. |
|
Encryption |
This option allows you to enable encryption between your devices and the server. You have the following options for encryption: |
|
|
None. Devices do not encrypt information. |
|
|
WEP. Wired Equivalent Privacy is an encryption protocol using either a 40- or 128-bit key which is distributed to your devices. When WEP is enabled, a device can only communicate with other devices that share the same WEP key. Avalanche only tracks the WEP keys that were assigned to devices through the Avalanche Console. Consequently, WEP keys displayed in the Console might not match the keys for a wireless device if you modified them from outside of Avalanche. |
|
|
WEP Key Rotation. WEP key rotation employs four keys which are automatically rotated at specified intervals. Each time the keys are rotated, one key is replaced by a new, randomly generated key. The keys are also staggered, meaning that the key sent by an infrastructure device is different than the one sent by a mobile device. Because both infrastructure and mobile devices know which keys are authorized, they can communicate securely without using a shared key. WEP key rotation settings are not recoverable. If the system hosting the Server becomes unavailable (for example, due to a hardware crash), you must re-connect serially to each mobile device to ensure that WEP key settings are correctly synchronized. |
|
|
WPA (TKIP). WPA, or Wi-Fi Protected Access, uses Temporal Key Integrity Protocol (TKIP) to encrypt information and change the encryption keys as the system is used. WPA uses a larger key and a message integrity check to make the encryption more secure than WEP. In addition, WPA is designed to shut down the network for 60 seconds when an attempt to break the encryption is detected. WPA availability is dependent on some hardware types. |
|
|
WPA2 (AES). WPA2 is similar to WPA but meets even higher standards for encryption security. In WPA2, encryption, key management, and message integrity are handled by CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) instead of TKIP. WPA2 availability is dependent on some hardware types. |
|
|
WPA(TKIP) + WPA2(AES). WPA Mixed Mode allows you to use either AES or TKIP encryption, depending on what the device supports. |
|
Custom Properties |
This option allows you to add custom properties to the devices that receive this network profile. By clicking __ defined, you can add, edit, and delete properties and their values. |
|
Authentication Settings |
The authentication types available depends on the encryption you select and what is supported by your Enabler and hardware. You must select the encryption type before the authentication options are available. Authentication options include: |
|
|
EAP. Extensible Authentication Protocol. Avalanche supports five different EAP methods: |
|
|
PEAP/MS-CHAPv2. (Protected Extensible Authentication Protocol combined with Microsoft Challenge Handshake Authentication Protocol) PEAP/MS‑CHAPv2 is available when you are using encryption. It uses a public key certificate to establish a Transport Layer Security tunnel between the client and the authentication server. |
|
|
PEAP/GTC. (Protected Extensible Authentication Protocol with Generic Token Card) PEAP/GTC is available when you are using encryption. It is similar to PEAP/MS‑CHAPv2, but uses an inner authentication protocol instead of MS-CHAP. |
|
|
EAP_FAST/MS-CHAPv2.(Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling combined with MS‑CHAPv2) EAP‑FAST uses protected access credentials and optional certificates to establish a Transport Layer Security tunnel. |
|
|
EAP_FAST/GTC. (Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling with Generic Token Card) EAP‑FAST uses protected access credentials and optional certificates to establish a Transport Layer Security tunnel. |
|
|
TTLS/MS‑CHAPv2. (Tunneled Transport Layer Security with MS‑CHAPv2) TTLS uses public key infrastructure certificates (only on the server) to establish a Transport Layer Security tunnel. |
|
|
LEAP. (Lightweight Extensible Authentication Protocol) LEAP requires both client and server to authenticate and then creates a dynamic WEP key. |
To configure current WLAN settings:
| 1 | From the Available Profiles panel on the Profiles tab, click on the network profile you want to edit. |
| 2 | The Network Profile Details page appears. Click Edit. |
| 3 | The Edit Network Profile page appears. Enable the Manage WLAN checkbox. |
| 4 | The WLAN Settings panel appears. Configure the WLAN settings as desired. If you select 128-bit WEP, WPA, or WPA2 encryption, you can enable the Use authentication check box to select the type of authentication to use. |
| • | If you select WEP keys, select either 40-bit or 128-bit key size. If you are using 128-bit WEP with encryption, the keys will be automatically generated. Otherwise, you must provide the keys in hex format. A 40-bit key should have 10 characters and a 128-bit key should have 26 characters. To change the value for one of the keys, type a new value (using 0-9 and A-F) in the appropriate text box. An example of a 40-bit key would be: 5D43AB290F. Then select the key that the device will transmit from the Transmit key dropdown menu. |
| • | If you select WEP key rotation, choose the 40- or 128-bit key size, the starting date and time, rotation interval, and a passcode. |
| • | If you are using a pre-shared key with WPA or WPA2, type the passphrase or hex key in the Key text box. Use the Broadcast key rotation interval option to set how often the key is rotated. |
| • | If you select PEAP or TTLS authentication, enable the Validate Server Certificate check box to provide a path to the certificate. |
| • | If you select EAP_FAST, provide a path and password to a PAC (Protected Access Credential) file. This will provision devices with the PAC file. |
| • | If you are an authentication method, configure whether the User Credentials are Prompt (user is prompted when credentials are required) or Fixed (credentials are automatically sent when required). |
Note: The availability of authentication settings is dependent on the encryption method you have selected.
| 5 | Click Save to save your changes. |
To configure scheduled changes for WLAN settings:
| 1 | From the Available Profiles panel on the Profiles tab, click on the network profile you want to edit. |
The Network Profile Details page appears.
| 2 | In the Scheduled Profile Changes panel, click New. |
| 3 | Select the Start Date and Time that you want the settings to take effect and configure the scheduled settings as desired. |
| 4 | Click Save. |
The changes are applied at the scheduled time.
© 2012 Wavelink Corporation. All Rights Reserved.