Embedded Wireless Controller Catalyst Access Points
Cov neeg siv phau ntawv qhia
Embedded Wireless Controller Catalyst Access Points
Kev them nyiaj yug rau Hash-to-Element rau Password Element hauv SAE Authentication
- Hash-to-Element (H2E), nyob rau nplooj 1
- YANG (RPC qauv), ntawm nplooj 1
- Configuring WPA3 SAE H2E, ntawm nplooj 2
- Txheeb xyuas WPA3 SAE H2E Kev Txhawb Nqa hauv WLAN, ntawm nplooj 4
Hash-to-Element (H2E)
Hash-to-Element (H2E) yog SAE Password Element (PWE) tshiab. Hauv cov qauv no, PWE zais cia siv hauv SAE raws tu qauv yog tsim los ntawm tus password.
Thaum STA uas txhawb nqa H2E pib SAE nrog AP, nws xyuas seb AP puas txhawb H2E. Yog tias muaj, AP siv H2E los muab cov PWE los ntawm kev siv tus nqi teev tseg tshiab hauv Txoj Cai SAE Commit lus.
Yog tias STA siv Hunting-and-Pecking, tag nrho SAE pauv tseem tsis hloov pauv.
Thaum siv H2E, PWE muab faib ua cov hauv qab no:
- Derivation ntawm ib tug zais cia intermediary keeb PT los ntawm tus password. Qhov no tuaj yeem ua tau offline thaum tus password tau pib teeb tsa ntawm lub cuab yeej rau txhua pab pawg txhawb nqa.
- Derivation ntawm PWE los ntawm khaws cia PT. Qhov no nyob ntawm pawg sib tham thiab MAC chaw nyob ntawm cov phooj ywg. Qhov no tau ua nyob rau hauv lub sijhawm tiag tiag thaum lub sijhawm sib pauv SAE.
Nco tseg
- Txoj kev H2E kuj suav nrog kev tiv thaiv ntawm Pawg Downgrade txiv neej-hauv-tus-nruab nrab tawm tsam. Thaum lub sij hawm sib pauv SAE, cov phooj ywg sib pauv cov npe ntawm pawg tsis lees paub tau muab tso rau hauv PMK derivation. Txhua tus phooj ywg sib piv cov npe tau txais nrog cov npe ntawm cov pab pawg txhawb nqa, txhua qhov tsis sib xws pom qhov kev tawm tsam qis thiab txiav tawm qhov kev lees paub.
YANG (RPC qauv)
Txhawm rau tsim RPC rau SAE Password Element (PWE) hom, siv tus qauv RPC hauv qab no:
Nco tseg
Kev rho tawm haujlwm ua ib qho kev txiav txim ntawm ib lub sijhawm vim qhov kev txwv tam sim no infra. Ntawd yog, hauv YANG module, kev rho tawm haujlwm ntawm ntau lub nodes tsis txaus siab.
Configuring WPA3 SAE H2E
| Txheej txheem | Hais kom ua los yog ua | Lub hom phiaj |
| Kauj ruam 1 | configure lub davhlau ya nyob twg Example: Ntaus # configure terminal |
Nkag mus rau hom kev teeb tsa thoob ntiaj teb. |
| Kauj ruam 2 | wan wan-name waned SSID-npe Example: Device(config)# wan WPA3 1 WPA3 |
Nkag mus rau WLAN configuration sub-mode. |
| Kauj ruam 3 | tsis muaj kev ruaj ntseg wpa akm dot1x Example: Device(config-wlan)# tsis muaj kev ruaj ntseg wpaakm dot1x |
Disables kev ruaj ntseg AKM rau dot1x. |
| Kauj ruam 4 | tsis muaj kev ruaj ntseg ft dhau-tus-ds Example: Device(config-wlan)# tsis muaj kev ruaj ntseg ft over-the-ds |
Disables ceev kev hloov pauv ntawm cov ntaub ntawv hauv WLAN. |
| Kauj ruam 5 | tsis muaj kev ruaj ntseg ft Example: Device(config-wlan)# tsis muaj kev ruaj ntseg ft |
Disables 802.11r ceev hloov pauv ntawm WLAN. |
| Kauj ruam 6 | tsis muaj kev ruaj ntseg wpa wpa2 Example: Device(config-wlan)# tsis muaj kev ruaj ntseg wpa wpa2 |
Disables WPA2 kev ruaj ntseg. PMF yog neeg xiam tam sim no. |
| Kauj ruam 7 | kev ruaj ntseg wpa wpa2 ciphers aes Example: Device(config-wlan)# kev ruaj ntseg wpa wpa2 ciphers aes |
Configures WPA2 cipher. Nco ntsoov Koj tuaj yeem tshawb xyuas seb cov ntawv cipher puas tau teeb tsa siv tsis muaj kev ruaj ntseg wpa wpa2 ciphers aes hais kom ua. Yog tias qhov cipher tsis rov pib dua, teeb tsa lub cipher. |
| Kauj ruam 8 | kev ruaj ntseg wpa psk set-key ascii tus nqi preshared-key Example: Device(config-wlan)# kev ruaj ntseg wpa psk set-key ascii 0 Cisco123 |
Qhia tus yuam sij presaged. |
| Kauj ruam 9 | kev ruaj ntseg wpa wpa3 Example: Device(config-wlan)# kev ruaj ntseg wpa wpa3 |
Pab txhawb WPA3. |
| Kauj ruam 10 | kev ruaj ntseg wpa akm sae Example: Device(config-wlan)# kev ruaj ntseg wpa akm sae |
Pab txhawb AKM SAE. |
| Kauj ruam 11 | kev ruaj ntseg wpa akm sae pwe {h2e | hnp | ob-h2e-hnp} Example: Device(config-wlan)# kev ruaj ntseg wpa akm sae pwe |
Pab txhawb AKM SAE PWE. PWE txhawb cov kev xaiv hauv qab no: • h2e—Hash-to-Element nkaus xwb; disables Hnp. • hnp—Kev yos hav zoov thiab pecking nkaus xwb; disable H2E. • Ob leeg-h2e-hnp—ob leeg Hash-rau-Element thiab Yos Hav Zoov thiab Pecking kev txhawb nqa (Yog qhov kev xaiv ua ntej). |
| Kauj ruam 12 | tsis kaw Example: Ntaus (config-wlan) # tsis muaj kev kaw |
Enables WLAN. |
| Kauj ruam 13 | kawg Example: Device(config-wlan)# kawg |
Rov qab mus rau qhov tsim nyog EXEC hom. |
Txheeb xyuas WPA3 SAE H2E Kev Txhawb Nqa hauv WLAN
Rau view cov khoom WLAN (PWE method) raws li WLAN ID, siv cov lus txib nram qab no:
Txhawm rau txheeb xyuas lub koom haum cov neeg siv khoom uas tau siv PWE txoj kev ua H2E lossis Hnp, siv cov lus txib hauv qab no:
Rau view tus naj npawb ntawm SAE authentications siv H2E thiab HnP, siv cov lus txib hauv qab no:
Kev them nyiaj yug rau Hash-to-Element rau Password Element hauv SAE Authentication
Cov ntaub ntawv / Cov ntaub ntawv
 |
CISCO Embedded Wireless Controller Catalyst Access Points [ua pdf] Cov neeg siv phau ntawv qhia Embedded Wireless Controller Catalyst Access Points, Wireless Controller Catalyst Access Points, Controller Catalyst Access Points, Catalyst Access Points, Access Points, Cov ntsiab lus |