Configuring WLAN Settings

This option provides wireless devices with the SSID. The SSID is a service set identifier that only allows communication between devices sharing the same SSID.

This option allows you to enable encryption between your devices and the server. You have the following options for encryption:

None. Devices do not encrypt information.

WEP. Wired Equivalent Privacy is an encryption protocol using either a 40- or 128-bit key which is distributed to your devices. When WEP is enabled, a device can only communicate with other devices that share the same WEP key.

Avalanche only tracks the WEP keys that were assigned to devices through the Avalanche Console. Consequently, WEP keys displayed in the Console might not match the keys for a wireless device if you modified them from outside of Avalanche.

WEP Key Rotation. WEP key rotation employs four keys which are automatically rotated at specified intervals. Each time the keys are rotated, one key is replaced by a new, randomly generated key. The keys are also staggered, meaning that the key sent by an infrastructure device is different than the one sent by a mobile device. Because both infrastructure and mobile devices know which keys are authorized, they can communicate securely without using a shared key.

WEP key rotation settings are not recoverable. If the system hosting the Server becomes unavailable (for example, due to a hardware crash), you must re-connect serially to each mobile device to ensure that WEP key settings are correctly synchronized.

WPA (TKIP). WPA, or Wi-Fi Protected Access, uses Temporal Key Integrity Protocol (TKIP) to encrypt information and change the encryption keys as the system is used. WPA uses a larger key and a message integrity check to make the encryption more secure than WEP. In addition, WPA is designed to shut down the network for 60 seconds when an attempt to break the encryption is detected. WPA availability is dependent on some hardware types.

WPA2 (AES). WPA2 is similar to WPA but meets even higher standards for encryption security. In WPA2, encryption, key management, and message integrity are handled by CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) instead of TKIP. WPA2 availability is dependent on some hardware types.

WPA(TKIP) + WPA2(AES). WPA Mixed Mode allows you to use either AES or TKIP encryption, depending on what the device supports.

The pre-shared key if you are using PSK with WPA or WPA2.

How frequently the access points' broadcast key is changed.

This option allows you to add custom properties to the devices that receive this network profile. By clicking __ defined, you can add, edit, and delete properties and their values.

The authentication types available depends on the encryption you select and what is supported by your Enabler and hardware. You must select the encryption type and then click Use authentication before the authentication options are available. Authentication options include:

EAP. Extensible Authentication Protocol. Avalanche supports multiple EAP methods as described below.

PEAP/MS-CHAPv2. (Protected Extensible Authentication Protocol combined with Microsoft Challenge Handshake Authentication Protocol) PEAP/MS‑CHAPv2 is available when you are using encryption. It uses a public key certificate to establish a Transport Layer Security tunnel between the client and the authentication server.

PEAP/GTC. (Protected Extensible Authentication Protocol with Generic Token Card) PEAP/GTC is available when you are using encryption. It is similar to PEAP/MS‑CHAPv2, but uses an inner authentication protocol instead of MS-CHAP.

EAP_FAST/MS-CHAPv2.(Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling combined with MS‑CHAPv2) EAP‑FAST uses protected access credentials and optional certificates to establish a Transport Layer Security tunnel.

EAP_FAST/GTC. (Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling with Generic Token Card) EAP‑FAST uses protected access credentials and optional certificates to establish a Transport Layer Security tunnel.

TTLS/MS‑CHAPv2. (Tunneled Transport Layer Security with MS‑CHAPv2) TTLS uses public key infrastructure certificates (only on the server) to establish a Transport Layer Security tunnel.

LEAP. (Lightweight Extensible Authentication Protocol) LEAP requires both client and server to authenticate and then creates a dynamic WEP key.

EAP-TLS. (Extensible Authentication Protocol - Transport Layer Security) EAP-TLS is one of the most secure EAP standards available for wireless LAN authentication, utilizing certificates on both the device and server to establish a secure connection. When this authentication setting is selected, you can provide an Active Directory Username and corporate Domain to apply to all authentication requests.

This option is only available for WPA (TKIP) and WPA 2 (AES) encryption methods.

If you are using the Wavelink Certificate Management Server, you must use EAP-TLS. For more information on certificate management, see Certificate Management.

Uploads a master certificate to compare between the Certificate Management Server and Wavelink Enabler during authentication. If the certificates don't match, the device is prevented from accessing the network. This option is best if you use a single certificate across multiple devices. This certificate is not automatically renewed through your SCEP server and must manually be uploaded each renewal period.

This option allows you to distribute SSL certificates directly to devices using this network profile. As part of the certificate management setup process, enabling this setting is required to deploy certificates to AIDC devices. For more information, see Certificate Management.

Certificate Authority. Distributes individual certificates to devices using a Certificate Authority. This method is best when you want to distribute a unique certificate to each device. For more information, see Configuring General System Settings. When you select this option, the following fields appear:

•Certificate Authority. Displays all available Certificate Authorities for managing individual device certificates. To use this option, you must have at least one Microsoft Certificate Authority (SCEP) added on the System Settings screen. You can only select one Certificate Authority per network profile.

•Validity. Attaches an expiration to certificates. The Days until expiration field allows you to set when to check for the certificate expiration. The Renew certificate automatically checkbox is dependent on the expiration and determines whether Avalanche will automatically renew the certificate or let it expire.

Upload to Avalanche. Uploads a single certificate to Avalanche and distributes it to all devices associated with the profile. When uploading a certificate, you must also provide the certificate's password. This method is best when you want to distribute a single certificate between multiple devices.

This option allows you to determine whether users ar6e prompted for login credentials or use fixed credentials when accessing the network.