Wireless Security Configuration

silex products support various methods of authentication and encryption to ensure compatibility with wireless security deployments. This document describes how to configure wireless security on silex print servers and device servers.

silex offers a variety of ways to configure the security parameters, including the ExtendView utility for Windows systems, a built-in web browser interface, and a command line console (described at the end of this document).


ExtendView

Note: You must be using ExtendView version 2.4 or later in order to configure wireless security settings.

Install the ExtendView utility (found on the installation CD or at www.silexamerica.com). Select the product you want to configure from the list, click Server, and then Configuration and follow these steps for configuration:

  1. Click on the Wireless tab.
  2. Select Infrastructure for the Wireless mode and type in the correct SSID.
  3. Click Configure Wireless Security.

Web Browser Interface

Open any web browser on your PC (e.g. Internet Explorer or Firefox) and type the IP address of the print server in the Address field. Click Login from the main menu in the left frame, type in the password (default is ACCESS), and follow these steps for configuration:

  1. Click on Wireless from the main menu in the left frame.
  2. Select Infrastructure for the Wireless mode and type in the correct SSID.
  3. Click Submit.
  4. On the Configure Wireless screen, click on Configure Network Security.

Web Browser Interface and ExtendView Security Configuration

You should now be able to enter the security settings whether you are in ExtendView or the web browser interface. See below for details on each field in the form. Help is also available within the ExtendView utility or the web browser. If you are using ExtendView, click OK when you are done for the settings to take effect. If you are using the web browser interface, click Submit when you are done, then click the link in the lower right frame to reset the server so that the settings take effect.

Encryption Mode
Select the desired encryption mode for the wireless link:

  • 64 and 128 bit WEP are for basic security compatibility
  • Dynamic WEP is displayed if an EAP (802.1x) method which automatically sets keys is selected as the authentication type.
  • WPA uses TKIP encryption.
  • WPA2 uses CCMP encryption.
  • WPA2-WPA uses CCMP for pair-wise encryption, but allows TKIP for group encryption.

Key Selection
If WEP encryption is selected, and the authentication mode is not an EAP (802.1x) mode, select the desired WEP key to be used, one through four.

WEP Key
These fields are ignored unless the encryption mode is 64 or 128 bit WEP. Enter up to 10 hexadecimal digits for 64 bit WEP, or 26 hexadecimal digits for 128 bit WEP.

Authentication Type
Choose the type of authentication to be performed with the network access point, or with a peer unit in Ad-hoc mode.

User ID
Enter the logon user ID that the server uses to authenticate to the 802.1x-enabled network. The user ID and password must be in the authentication server database, and are used in TTLS, LEAP, and PEAP configurations. The default user ID is 'anonymous'. A realm defines a grouping of users. If a realm is required for your network, it is separated from the user ID by a '@' character. Realms make it easier to segregate user groups into independently administered databases, to apply policies on a user group basis, and to establish roaming agreements, to name a few applications. The default realm if not specified is 'anonymous'. Realm is used with TTLS configurations, and sometimes with PEAP.

Password
Enter the logon password that the server uses to authenticate to the 802.1x-enabled network. The user ID and password must be in the authentication server database, and are used in TTLS, LEAP, and PEAP configurations. The password may be a text string, or a string of hex bytes prefixed with '\x'. The default password is 'anonymous'.

Certificate Common Name
Enter the name of the certificate on the primary authentication server. If both of the common names are set to null, all certificates are accepted. The default is null. Certificate common name is used in TTLS and PEAP configurations.

Certificate Root Key
Enter the authentication key used to verify the root certificate in the certificate chain provided by the authentication server. To set to null, leave this field blank. Certificate Root Key is used in TTLS and PEAP configurations. The Certificate Root Key can be extracted by clicking Browse and selecting the actual certificate if you don’t want to type it in manually.

Certificate Root Key Exponent
This value must match the authentication server certificate value. The default is 65537 (x10001). Certificate Root Key Exponent is used in TTLS and PEAP configurations. The Certificate Root Key Exponent can be extracted by clicking Browse and selecting the actual certificate if you don’t want to type it in manually.

Authentication Protocol
This field determines how the server authenticates itself to the 802.1x enabled network after an 802.1x session is established. The default is PAP. Sometimes referred to as inner-authentication protocol, it is used in TTLS and PEAP configurations.

Pre-Shared Key
If the PSK mode of authentication is selected with WPA (TKIP) or WPA2 (CCMP) encryption, the key value or pass-phrase entered here is used to initialize the session with the access point. If a key value is entered, it must be exactly 64 hex characters. A pass-phrase must be 8 to 63 displayable characters.
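
The length and character rules given for the WEP Key and Pre-Shared Key fields can be checked before a value is entered in ExtendView, the web form or the console. The following is an added example, not silex code: it uses the console reference's 10 or 26 hex characters for WEP and the standard 802.11i pass-phrase mapping (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt) for the PSK. The function names and sample values are assumptions.

```python
import hashlib
import string

HEX = set(string.hexdigits)

def check_wep_key(key: str, bits: int) -> bool:
    """WEP Key field: 10 hex digits for 64 bit WEP, 26 for 128 bit WEP."""
    want = {64: 10, 128: 26}[bits]
    return len(key) == want and set(key) <= HEX

def wpa_psk(value: str, ssid: str) -> bytes:
    """Return the 256-bit PSK for a Pre-Shared Key field value.

    Exactly 64 hex characters are taken as the raw key. Anything else must
    be a pass-phrase of 8 to 63 displayable ASCII characters, which the
    802.11i mapping stretches with PBKDF2-HMAC-SHA1 (4096 rounds, SSID salt).
    """
    if len(value) == 64 and set(value) <= HEX:
        return bytes.fromhex(value)
    if not 8 <= len(value) <= 63:
        raise ValueError("pass-phrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in value):
        raise ValueError("pass-phrase must be displayable ASCII")
    return hashlib.pbkdf2_hmac("sha1", value.encode("ascii"),
                               ssid.encode(), 4096, 32)

if __name__ == "__main__":
    # Constructed sample values, not real keys.
    print("64 bit WEP key ok:", check_wep_key("0123456789", 64))
    print("same key as 128 bit:", check_wep_key("0123456789", 128))
    print("derived PSK:", wpa_psk("password", "IEEE").hex())
    try:
        # The documented default PSK "silex" with the default SSID "printer":
        # five characters is below the 8 character minimum for a pass-phrase.
        wpa_psk("silex", "printer")
    except ValueError as err:
        print("default rejected:", err)
```

Because the SSID is the salt, the same pass-phrase yields a different 256-bit key on every SSID.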

WPA Auto Associate
If the WPA Auto Associate mode is enabled, then if there are no WPA enabled access points available with the given SSID, the unit will attempt to associate with a non-WPA access point with the given SSID, if available. The authentication mode will still have to match. For WPA-EAP, the non-WPA AP will have to be configured for EAP authentication, and for WPA-PSK mode, the non-WPA AP will have to be in open system mode. The default is disabled.

WPA Group Key
If the WPA Group Key mode is enabled, then group keys may be used for data link encryption. The default is disabled.


--------------------------------------------------------------------------------

Command Line Console Configuration

Go to the command prompt on your PC and type TELNET ipaddress (where ipaddress is the IP address configured in the print server). You should get a # prompt; type in the password (default is ACCESS; it will not echo on your screen as you type it). Press Enter a couple of times until you get a Local> prompt. This is where you can type your commands. Type HELP to get a list of commands.

The following console commands can be used to configure your network security settings:


SH NW

Displays summary network information

sample output:
WiFi Mode = INFRASTRUCTURE
WiFi SSID: silex
Speed = 11
Regulatory Domain = 704
WiFi FW Ver = 1F 1.7.1
AP density = LOW
TTLS is Disabled
WEP is Disabled
Link DOWN


SET NW AUTHtype

Sets WLAN Authentication type

SET NW AUTHtype [OPEN |SHARED | TLS | TTLS | LEAP | PEAP | PSK]
(default = Open System)


SH NW AUTH

Shows the wireless authentication type

sample output:
Authentication type= OPEN SYSTEM


SET NW CHannel

Sets WLAN ad-hoc channel number

SET NW CHannel n
n = 1-11 (default = 11, this value is ignored in Infrastructure mode)


SET NW ENC

Sets WLAN Encryption Mode. Supported modes are none, 64 bit WEP, 128 bit WEP, WPA (TKIP), and WPA2 (AES/CCMP).

SET NW ENC [DIsable | 64 | 128 | WPA | WPA2 ]
(default = Disable)


SH NW ENC

Shows the wireless encryption mode

sample output:
encryption is Disabled

SET NW KEY#

Selects WLAN WEP key entry

SET NW KEY# n
n = 1-4 (default = 1)


SET NW KEYVAL

Sets the currently selected WLAN WEP key entry to the hex value given.

SET NW KEYVAL <key>
key=10 or 26 hex characters (default=<null>)


SET NW MOde

Sets WLAN mode

SET NW MOde <mode>
[Infrastructure | Ad-Hoc] (default = Infra)


SH NW MODE

Shows the wireless operating mode

sample output:
Wifi mode = AD-HOC (802.11)


SH NW RADio

Shows the selected radio mode of operation

sample output:
Radio mode is 802.11b


SET NW SPeed

Sets maximum WLAN speed

SET NW SPeed n
n = 1,2,5.5 or 11 (default = 11) for 802.11b products
n = 1,2,5.5,6,9,11,12,18,24,36,48,54 (default = 54) for 802.11a/b/g

SH NW SPEED

Shows the maximum wireless data speed in megabits per second

sample output:
Speed = 11


SET NW SSid

Sets WLAN SSID

SET NW SSid <name>
User defined (default = printer)


CL NW SSid

Clears the SSID value so the server will connect to any AP.

CL NW SSid


SET NW BSsid

Sets WLAN BSSID (connect to a specific access point’s mac address)

SET NW BSsid <value>
User defined (MAC Address)


CL NW BSsid

Clears the BSSID value so the server uses just SSID and not a specific AP.

CL NW BSsid


SET NW RTS

Sets WLAN RTS threshold

SET NW RTS n
n = 1-3000 (default = 2432)

SH NW RTS

Shows the configured wireless RTS threshold

sample output:
Wifi RTS Threshold = 2432


SET NW APDEN

Sets WLAN Access Point Density

SET NW APDEN [LOW | MED | HI]
(default = LOW)


SH NW APDEN

Shows the access point density

sample output:
AP Density = Low

SH NW STATS

Shows the network I/O statistics

sample output:
WiFi statistics:
TX Unicast frames: 0
TX Multicast frames: 0
TX Fragments: 0
TX Unicast octets: 0
TX Multicast octets: 0
TX Deferred: 0
TX Single retry frames: 0
TX Multiple retry frames: 0
TX Retry limit exceeded: 0
TX Discards: 0
RX Unicast frames: 0
RX Multicast frames: 0
RX Fragments: 0
RX Unicast octets: 0
RX Multicast octets: 0
RX FCS errors: 0
RX Discards no buffer: 0
TX Discards wrong SA: 0
RX Discards WEP undecr: 0
RX Msg in msg fragments: 0
RX Msg in Bad msg fragments: 0


SET NW CERTCN

Sets EAP Common Name

SET NW CERTCN <name>
User defined (default=<null>)


SH NW CERTCN

Shows the value of the first common name check string

sample output:
Common name 1

Note: the default for this string is a null (blank) string
Note: The deprecated command SH NW TTCN will also return this information.


SET NW CERTCN2

Sets second EAP Common Name

SET NW CERTCN2 <name>
User defined (default=<null>)


SH NW CERTCN2

Shows the value of the second common name check string

sample output:
Common name 2

Note: the default for this string is a null (blank) string


SET NW CERTEXP

Sets EAP Certificate Exponent value

SET NW CERTEXP <exponent>
User defined (default = 10001 Hex)


SH NW CERTEXP

Shows the value of the certificate exponent

sample output:
65537 (10001h)

Note: The deprecated command SH NW TTEXP will also return this information.


SET NW CERTKEY

Sets EAP Root Key

SET NW CERTKEY <key value>
User defined


SET NW ID

Sets Authentication User ID. This may include the realm, separated by a ‘@’ character.

SET NW ID <user id>
(default = anonymous)


SH NW ID

Shows the value of the authentication ID (including realm, if present)

sample output:
anonymous@somewhere

Note: The default realm is a null (blank) string
Note: The deprecated command SH NW TTID will also return this information.


SET NW PW

Sets the password used for the 802.1x EAP authentication, if enabled.

SET NW PW <password>
(default = anonymous)


SET NW INAP

Sets EAP Inner-Authentication protocol

SET NW INAP [PAP|MSCHAP_V2]
(default = PAP)


SH NW INAP

Shows the selected inner authentication mode

sample output:
Authentication protocol = PAP

Note: the deprecated command SH NW TTAP will also return this information.


SET NW REALM

Sets the realm portion of the 802.1x EAP authentication ID. This may also be set with the ID command.

SET NW REALM <realm>
(default = <null>)


SH NW REALM

Shows the realm associated with the authentication ID, if any.

sample output:
somewhere

Note: The default realm is a null (blank) string
Note: The deprecated command SH NW TTRE will also return this information.


SET NW WPAAUTO

Enable or disable WPA/WPA2 auto mode. If enabled, the print server will connect to a non-WPA access point if a WPA enabled access point is not available. Only valid when WPA is enabled (authentication type = TKIP).

SET NW WPAAUTO [ENable | DIsable]
(default = disabled)


SH NW WPAAUTO

Shows the state of the WPA/WPA2 auto connect flag

sample output:
WPA-AUTO Enabled


SET NW WPAGROUP

Enable or disable WPA/WPA2 group key mode. If enabled, this allows group keys to be used for data link encryption.

SET NW WPAGROUP [ENABLE | DISABLE]
(default = disabled)


SH NW WPAGROUP

Shows the state of the allow WPA/WPA2 group keys flag

sample output:
WPA-GROUP Disabled


SET NW WPAPSK

Sets the WPA/WPA2 PSK pass phrase or hex key. This value is only used if the authentication mode is WPA-PSK. The argument to this command is either a pass phrase of 8-63 characters, or exactly 64 hex characters representing the 256 bit PSK value.

SET NW WPAPSK <key>
(default = “silex”)


SET NW WPATRACE

Sets the WPA trace level. Note: This command is for diagnostic purposes only, and should not normally be used, as the trace can affect performance. A value of 0 disables the trace.

SET NW WPATRACE nn
(default = 0)
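
A provisioning script built from the SET NW commands above can be reviewed before it is pasted into the console. The following is an added example, not silex code: it applies the script on top of the defaults listed on this page and reports the settings that the field descriptions identify as weaker. The function names, sample scripts and host names are constructed.

```python
# Defaults taken from the console command reference on this page.
DEFAULTS = {"AUTH": "OPEN", "ENC": "DISABLE", "WPAAUTO": "DISABLE",
            "WPAPSK": "silex", "CERTCN": "", "CERTCN2": "", "PW": "anonymous"}

def parse(script):
    """Apply each 'SET NW <item> <value>' line on top of the defaults."""
    cfg = dict(DEFAULTS)
    for line in script.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 4 or [p.upper() for p in parts[:2]] != ["SET", "NW"]:
            continue  # not a SET NW command with a value
        key = parts[2].upper()
        key = "AUTH" if key.startswith("AUTH") else key  # AUTHtype
        if key in cfg:
            cfg[key] = parts[3].strip()
    return cfg

def audit(script):
    """Return findings for settings the field descriptions mark as weaker."""
    cfg = parse(script)
    auth, enc = cfg["AUTH"].upper(), cfg["ENC"].upper()
    out = []
    if enc.startswith("DI"):
        out.append("ENC: wireless link is not encrypted")
    elif enc in ("64", "128"):
        out.append("ENC: WEP selected; prefer WPA2 (CCMP)")
    elif cfg["WPAAUTO"].upper().startswith("EN"):
        out.append("WPAAUTO: unit may associate with a non-WPA access point")
    if auth == "PSK" and cfg["WPAPSK"] == DEFAULTS["WPAPSK"]:
        out.append("WPAPSK: documented default value still in place")
    if auth in ("TTLS", "PEAP") and not (cfg["CERTCN"] or cfg["CERTCN2"]):
        out.append("CERTCN: both common names null, all certificates accepted")
    if auth in ("TTLS", "LEAP", "PEAP") and cfg["PW"] == DEFAULTS["PW"]:
        out.append("PW: default 802.1x password still in place")
    return out

# Constructed provisioning scripts (hypothetical names and values).
WEAK = """SET NW AUTHtype PEAP
SET NW ENC WPA2
SET NW WPAAUTO ENable
SET NW ID printer01@example.test"""
HARDENED = WEAK.replace("ENable", "DIsable") + """
SET NW CERTCN radius.example.test
SET NW PW constructed-placeholder-secret"""

if __name__ == "__main__":
    for name, script in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(script))
```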

Address: silex technology america, Inc., 157 W 7065 S , Salt Lake City, UT, 84047
Phone: 801-748 - 1199, Fax: 801-748-0730,
Email: Tech support: support@silexamerica.com, Other inquiries: contact@silexamerica.com

Copyright(C) silex technology america, Inc. All rights reserved.