Wireless Configuration 5-9
2. Click the Kerberos Configuration button to display a sub-screen for authentication settings.
3. A realm name functions similarly to a DNS domain name. In theory, the realm name is arbitrary; in practice, a
Kerberos realm is typically named using an uppercase version of the DNS domain name that is associated with hosts
in the realm. Specify the realm name, which is case-sensitive (for example, MyCompany.com).
4. Specify a Username for the Kerberos configuration.
5. Specify a Password for the Kerberos configuration.
The Key Distribution Center (KDC) implements an authentication service and a ticket granting service, whereby an
authorized user is granted a ticket that is encrypted with the user’s password. The KDC has a copy of every user
password.
6. Specify a server IP address and a port to be used as the Primary KDC.
7. Optionally, specify a Backup KDC server by providing the IP address and port.
8. Optionally, specify a Remote KDC server by providing the IP address and port.
9. Make sure that NTP is enabled (go to System Configuration --> NTP Servers from the left menu). NTP is required for
Kerberos Authentication. For more information, see Specifying a Network Time Protocol (NTP) Server.
10. Click Ok when done.
Setting the Encryption Method
Encryption applies a specific algorithm to data to alter its appearance and prevent unauthorized reading. Decryption applies
the algorithm in reverse to restore the data to its original form. Sender and receiver employ the same encryption/decryption
method.
The WS 2000 Wireless Switch provides four methods for data encryption: WEP, KeyGuard, WPA-TKIP, and WPA2-CCMP
(802.11i). The WPA-TKIP and KeyGuard methods use WEP 104-bit key encryption. WPA-TKIP offers the highest level of
security among the encryption methods available with the switch.
Configuring WEP Encryption
Wired Equivalent Privacy (WEP) is a security protocol specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b. WEP
is designed to provide a WLAN with a level of security and privacy comparable to that of a wired LAN. WEP might be all that
a small-business user needs for the simple encryption of wireless data. However, networks that require more security are
at risk from a WEP flaw. The existing 802.11 standard alone offers administrators no effective method to update keys. Key
changes require the manual reconfiguration of each Access Port. An unauthorized person with a sniffing tool can monitor a
network for less than a day and decode its encrypted messages.
WEP is available in two encryption modes: 40-bit (also called 64-bit) and 104-bit (also called 128-bit). The 104-bit encryption
mode uses a longer key that takes longer to decode than that of the 40-bit encryption mode.
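The two names for each mode come from how WEP seeds RC4: a 24-bit initialization vector (IV) sent in the clear is prepended to the configured secret key. The following sketch is an added example, not code from the switch or its vendor. It builds and checks a simplified WEP frame body (the key-ID byte is omitted), and its key and IV values are constructed for illustration.

```python
import struct
import zlib

IV_LEN = 3  # WEP prepends a 24-bit IV to the configured key to seed RC4

def rc4(seed: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for the given seed."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):  # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def seed_bits(key: bytes) -> int:
    """Size in bits of the RC4 seed (IV plus secret key)."""
    return 8 * (IV_LEN + len(key))

def wep_encapsulate(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Return IV || (payload || CRC-32 ICV) XOR RC4(IV || key)."""
    if len(key) not in (5, 13) or len(iv) != IV_LEN:
        raise ValueError("WEP uses a 5- or 13-byte key and a 3-byte IV")
    body = payload + struct.pack("<I", zlib.crc32(payload))
    stream = rc4(iv + key, len(body))
    return iv + bytes(a ^ b for a, b in zip(body, stream))

def wep_decapsulate(key: bytes, frame: bytes) -> bytes:
    """Decrypt a frame body and verify its integrity check value (ICV)."""
    iv, data = frame[:IV_LEN], frame[IV_LEN:]
    stream = rc4(iv + key, len(data))
    body = bytes(a ^ b for a, b in zip(data, stream))
    payload, icv = body[:-4], body[-4:]
    if struct.pack("<I", zlib.crc32(payload)) != icv:
        raise ValueError("ICV mismatch: wrong key or corrupted frame")
    return payload

# Constructed sample keys, not taken from any real network.
KEY_40 = bytes.fromhex("0102030405")                   # 5 bytes, "64-bit" WEP
KEY_104 = bytes.fromhex("0102030405060708090a0b0c0d")  # 13 bytes, "128-bit" WEP
```

Only the 40 or 104 secret bits are configured by the administrator. Because that part stays fixed until every Access Port is manually rekeyed, the IV is the only per-frame variation in the RC4 seed.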