Avalanche powered by Wavelink
This page refers to an older version of the product. View the current version of the User Guide.
Configuring WLAN Settings
From a network profile, you can configure WLAN settings for your devices. These settings will be deployed with the profile and applied on the device. The options include:
SSID
This option provides wireless devices with the SSID. The SSID is a service set identifier that only allows communication between devices sharing the same SSID.
Encryption
This option allows you to enable encryption between your devices and the server. You have the following options for encryption:
• None. Devices do not encrypt information.
• WEP. Wired Equivalent Privacy is an encryption protocol using either a 40- or 128-bit key which is distributed to your devices. When WEP is enabled, a device can only communicate with other devices that share the same WEP key. Avalanche only tracks the WEP keys that were assigned to devices through the Avalanche Console. Consequently, WEP keys displayed in the Console might not match the keys for a wireless device if you modified them from outside of Avalanche.
• WEP Key Rotation. WEP key rotation employs four keys which are automatically rotated at specified intervals. Each time the keys are rotated, one key is replaced by a new, randomly generated key. The keys are also staggered, meaning that the key sent by an infrastructure device is different than the one sent by a mobile device. Because both infrastructure and mobile devices know which keys are authorized, they can communicate securely without using a shared key. WEP key rotation settings are not recoverable. If the system hosting the Server becomes unavailable (for example, due to a hardware crash), you must re-connect serially to each mobile device to ensure that WEP key settings are correctly synchronized.
• WPA (TKIP). WPA, or Wi-Fi Protected Access, uses Temporal Key Integrity Protocol (TKIP) to encrypt information and change the encryption keys as the system is used. WPA uses a larger key and a message integrity check to make the encryption more secure than WEP. In addition, WPA is designed to shut down the network for 60 seconds when an attempt to break the encryption is detected. WPA availability is dependent on some hardware types.
• WPA2 (AES). WPA2 is similar to WPA but meets even higher standards for encryption security. In WPA2, encryption, key management, and message integrity are handled by CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) instead of TKIP. WPA2 availability is dependent on some hardware types.
• WPA(TKIP) + WPA2(AES). WPA Mixed Mode allows you to use either AES or TKIP encryption, depending on what the device supports.
Key
The pre-shared key if you are using PSK with WPA or WPA2.
Broadcast Key Rotation Interval
How frequently the access points' broadcast key is changed.
Custom Properties
This option allows you to add custom properties to the devices that receive this network profile. By clicking __ defined, you can add, edit, and delete properties and their values.
Authentication Settings
The authentication types available depend on the encryption you select and what is supported by your Enabler and hardware. You must select the encryption type and then click Use authentication before the authentication options are available. Authentication options include:
• EAP. Extensible Authentication Protocol. Avalanche supports multiple EAP methods as described below.
• PEAP/MS-CHAPv2. (Protected Extensible Authentication Protocol combined with Microsoft Challenge Handshake Authentication Protocol) PEAP/MS‑CHAPv2 is available when you are using encryption. It uses a public key certificate to establish a Transport Layer Security tunnel between the client and the authentication server.
• PEAP/GTC. (Protected Extensible Authentication Protocol with Generic Token Card) PEAP/GTC is available when you are using encryption. It is similar to PEAP/MS‑CHAPv2, but uses Generic Token Card as the inner authentication protocol instead of MS‑CHAPv2.
• EAP_FAST/MS-CHAPv2. (Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling combined with MS‑CHAPv2) EAP‑FAST uses protected access credentials and optional certificates to establish a Transport Layer Security tunnel.
• EAP_FAST/GTC. (Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling with Generic Token Card) EAP‑FAST uses protected access credentials and optional certificates to establish a Transport Layer Security tunnel.
• TTLS/MS‑CHAPv2. (Tunneled Transport Layer Security with MS‑CHAPv2) TTLS uses public key infrastructure certificates (only on the server) to establish a Transport Layer Security tunnel.
• LEAP. (Lightweight Extensible Authentication Protocol) LEAP requires both client and server to authenticate and then creates a dynamic WEP key.
• EAP-TLS. (Extensible Authentication Protocol - Transport Layer Security) EAP-TLS is one of the most secure EAP standards available for wireless LAN authentication, utilizing certificates on both the device and server to establish a secure connection. When this authentication setting is selected, you can provide an Active Directory Username and corporate Domain to apply to all authentication requests. This option is only available for WPA (TKIP) and WPA2 (AES) encryption methods. If you are using the Wavelink Certificate Management Server, you must use EAP-TLS. For more information on certificate management, see Certificate Management.
Validate Server Certificate
Uploads a master certificate to compare between the Certificate Management Server and Wavelink Enabler during authentication. If the certificates don't match, the device is prevented from accessing the network. This option is best if you use a single certificate across multiple devices. This certificate is not automatically renewed through your SCEP server and must be uploaded manually each renewal period.
Deploy Client Certificate
This option allows you to distribute SSL certificates directly to devices using this network profile. As part of the certificate management setup process, enabling this setting is required to deploy certificates to AIDC devices. For more information, see Certificate Management.
Client Certificate Source
• Certificate Authority. Distributes individual certificates to devices using a Certificate Authority. This method is best when you want to distribute a unique certificate to each device. For more information, see Configuring General System Settings. When you select this option, the following fields appear:
  • Certificate Authority. Displays all available Certificate Authorities for managing individual device certificates. To use this option, you must have at least one Microsoft Certificate Authority (SCEP) added on the System Settings screen. You can only select one Certificate Authority per network profile.
  • Validity. Attaches an expiration to certificates. The Days until expiration field allows you to set when to check for the certificate expiration. The Renew certificate automatically checkbox is dependent on the expiration and determines whether Avalanche will automatically renew the certificate or let it expire.
• Upload to Avalanche. Uploads a single certificate to Avalanche and distributes it to all devices associated with the profile. When uploading a certificate, you must also provide the certificate's password. This method is best when you want to distribute a single certificate between multiple devices.
Credentials
This option allows you to determine whether users are prompted for login credentials or use fixed credentials when accessing the network.
• Prompt. Prompts users to enter credentials when a device connects to this network. This option is best for organizations that regularly update network credentials for security purposes.
• Fixed. Automatically enters the provided username, password, and domain when connecting to the network for hands-free Wi-Fi connections.
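The dependencies this page states between encryption, authentication and certificate options (including those in the procedure that follows) can be checked before a profile is deployed. The following is an added example, not Avalanche code: the dictionary field names, the option labels such as "WEP-40" and the sample profiles are hypothetical, and mixed mode is assumed to count as WPA/WPA2 for the Use authentication rule.

```python
# Added example. Field names are hypothetical, not an Avalanche export format.
# Mixed mode is treated as WPA/WPA2 for authentication (assumption).
AUTH_CAPABLE = {"WEP-128", "WPA (TKIP)", "WPA2 (AES)", "WPA(TKIP) + WPA2(AES)"}
EAP_TLS_ENCRYPTION = {"WPA (TKIP)", "WPA2 (AES)"}


def check_profile(p):
    """Return the violated rules for one network profile's WLAN settings."""
    problems = []
    enc = p.get("encryption", "None")
    auth = p.get("authentication") or ""
    if auth and enc not in AUTH_CAPABLE:
        problems.append(f"authentication needs 128-bit WEP, WPA or WPA2, not {enc}")
    if auth == "EAP-TLS" and enc not in EAP_TLS_ENCRYPTION:
        problems.append("EAP-TLS is only available with WPA (TKIP) or WPA2 (AES)")
    if p.get("certificate_management_server") and auth != "EAP-TLS":
        problems.append("Certificate Management Server requires EAP-TLS")
    # PEAP and TTLS authenticate the server by certificate; without a
    # certificate to validate against, the device cannot tell servers apart.
    if auth.startswith(("PEAP/", "TTLS/")) and not p.get("server_certificate_path"):
        problems.append(f"{auth}: Validate Server Certificate has no certificate path")
    if auth.startswith("EAP_FAST/") and not (p.get("pac_path") and p.get("pac_password")):
        problems.append(f"{auth}: PAC file path and password are required")
    if auth and p.get("credentials") == "Fixed" and not (p.get("username") and p.get("password")):
        problems.append("Fixed credentials need a username and password")
    return problems


# Constructed sample profiles: a misconfigured one and its corrected form.
BEFORE = {"encryption": "WEP-40", "authentication": "PEAP/MS-CHAPv2",
          "credentials": "Fixed", "username": "scanner01"}
AFTER = {"encryption": "WPA2 (AES)", "authentication": "PEAP/MS-CHAPv2",
         "server_certificate_path": "radius-ca.pem", "credentials": "Prompt"}
MIXED_TLS = {"encryption": "WPA(TKIP) + WPA2(AES)", "authentication": "EAP-TLS"}

if __name__ == "__main__":
    for name, profile in [("before", BEFORE), ("after", AFTER), ("mixed", MIXED_TLS)]:
        print(name, check_profile(profile) or "ok")
```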
To configure current WLAN settings:
1. From the Available Profiles panel on the Profiles tab, click on the network profile you want to edit.
2. The Network Profile Details page appears. Click Edit.
3. The Edit Network Profile page appears. Enable the Manage WLAN checkbox.
4. The WLAN Settings panel appears. Configure the WLAN settings as desired. If you select 128-bit WEP, WPA, or WPA2 encryption, you can enable the Use authentication check box to select the type of authentication to use.
• If you select WEP keys, select either 40-bit or 128-bit key size. If you are using 128-bit WEP with encryption, the keys will be automatically generated. Otherwise, you must provide the keys in hex format. A 40-bit key should have 10 characters and a 128-bit key should have 26 characters. To change the value for one of the keys, type a new value (using 0-9 and A-F) in the appropriate text box. An example of a 40-bit key would be: 5D43AB290F. Then select the key that the device will transmit from the Transmit key dropdown menu.
• If you select WEP key rotation, choose the 40- or 128-bit key size, the starting date and time, rotation interval, and a passcode.
• If you are using a pre-shared key with WPA or WPA2, type the passphrase or hex key in the Key text box. Use the Broadcast key rotation interval option to set how often the key is rotated.
• If you select PEAP or TTLS authentication, enable the Validate Server Certificate check box to provide a path to the certificate.
• If you select EAP_FAST, provide a path and password to a PAC (Protected Access Credential) file. This will provision devices with the PAC file.
• If you are using an authentication method, configure whether the User Credentials are Prompt (user is prompted when credentials are required) or Fixed (credentials are automatically sent when required).
The availability of authentication settings is dependent on the encryption method you have selected.
5. Click Save to save your changes.
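The key formats from step 4, as an added example (not Avalanche code): it checks WEP hex keys against the lengths given above and shows how a WPA/WPA2 passphrase becomes the 256-bit pre-shared key under the standard IEEE 802.11i derivation. The 8-63 character and 64-hex-character limits come from that standard, and accepting lower-case hex is an assumption; how the Console itself validates input is not described on this page.

```python
import hashlib
import re

HEX = re.compile(r"[0-9A-Fa-f]+")  # lower case accepted here (assumption)
WEP_HEX_CHARS = {40: 10, 128: 26}  # key size -> hex characters, as given above


def check_wep_key(key, bits):
    """Validate a WEP key typed in hex and return its bytes."""
    expected = WEP_HEX_CHARS[bits]
    if len(key) != expected or not HEX.fullmatch(key):
        raise ValueError(f"{bits}-bit WEP key must be {expected} characters, 0-9 and A-F")
    return bytes.fromhex(key)


def wpa_psk(key, ssid):
    """Return the 256-bit pre-shared key for a passphrase or hex key.

    Per IEEE 802.11i: 64 hex characters are the key itself; anything else is
    a passphrase of 8-63 printable ASCII characters, stretched with
    PBKDF2-HMAC-SHA1 (4096 iterations) using the SSID as the salt.
    """
    if len(key) == 64 and HEX.fullmatch(key):
        return bytes.fromhex(key)
    if not 8 <= len(key) <= 63 or any(not 32 <= ord(c) <= 126 for c in key):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", key.encode("ascii"), salt, 4096, 32)


if __name__ == "__main__":
    print(check_wep_key("5D43AB290F", 40).hex())  # the 40-bit example key from the page
    # Constructed values: the same passphrase gives a different key per SSID,
    # so a derived hex key is only valid for the SSID it was computed with.
    print(wpa_psk("password", "IEEE").hex())
    print(wpa_psk("password", "Warehouse").hex())
```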
To configure scheduled changes for WLAN settings:
1. From the Available Profiles panel on the Profiles tab, click on the network profile you want to edit.
The Network Profile Details page appears.
2. In the Scheduled Profile Changes panel, click New.
3. Select the Start Date and Time that you want the settings to take effect and configure the scheduled settings as desired.
4. Click Save.
The changes are applied at the scheduled time.
Copyright © 2017, Ivanti. All rights reserved.