Ma Wireless Controller Catalyst Access Points Ophatikizidwa
Wogwiritsa Ntchito
Ma Wireless Controller Catalyst Access Points Ophatikizidwa
Kuthandizira kwa Hash-to-Element kwa Chinsinsi cha Mawu achinsinsi mu SAE Authentication
- Hash-to-Element (H2E), patsamba 1
- YANG (RPC model), patsamba 1
- Kukonza WPA3 SAE H2E, patsamba 2
- Kutsimikizira Thandizo la WPA3 SAE H2E mu WLAN, patsamba 4
Hash-to-Element (H2E)
Hash-to-Element (H2E) ndi njira yatsopano ya SAE Password Element (PWE). Mwanjira iyi, PWE yachinsinsi yomwe imagwiritsidwa ntchito mu protocol ya SAE imapangidwa kuchokera ku mawu achinsinsi.
Pamene STA yomwe imathandizira H2E imayambitsa SAE ndi AP, imayang'ana ngati AP ikuthandizira H2E. Ngati inde, AP imagwiritsa ntchito H2E kuti ipeze PWE pogwiritsa ntchito nambala ya Status Code yomwe yangofotokozedwa kumene mu uthenga wa SAE Commit.
Ngati STA imagwiritsa ntchito Hunting-ndi-Pecking, kusinthanitsa konse kwa SAE sikunasinthe.
Pogwiritsa ntchito H2E, kutengera kwa PWE kumagawidwa m'zigawo zotsatirazi:
- Kutengedwa kwa chinthu chachinsinsi chapakati pa PT kuchokera pachinsinsi. Izi zitha kuchitidwa osalumikizidwa pa intaneti pomwe mawu achinsinsi akhazikitsidwa pachida chilichonse chothandizira.
- Kutulutsidwa kwa PWE kuchokera ku PT yosungidwa. Izi zimatengera gulu lomwe mwakambirana komanso ma adilesi a MAC a anzawo. Izi zimachitika munthawi yeniyeni pakusinthana kwa SAE.
Zindikirani
- Njira ya H2E imaphatikizanso chitetezo ku gulu la Gulu la Downgrade man-in-the-katikati. Panthawi ya kusinthana kwa SAE, anzawo amasinthanitsa mndandanda wamagulu okanidwa omwe adaphatikizidwa muzotengera za PMK. Mnzake aliyense amayerekezera mndandanda womwe walandilidwa ndi mndandanda wamagulu omwe amathandizidwa, kusiyana kulikonse kumazindikira kuwukira kotsika ndikuthetsa kutsimikizika.
YANG (RPC model)
Kuti mupange RPC ya SAE Password Element (PWE), gwiritsani ntchito RPC iyi:
Zindikirani
Ntchito yochotsa imagwira ntchito imodzi panthawi imodzi chifukwa cha kuchepa kwa infra. Ndiko kuti, mu gawo la YANG, ntchito yochotsa pama node angapo sikuthandizidwa.
Kukonza WPA3 SAE H2E
| Ndondomeko | Lamulo kapena Ntchito | Cholinga |
| Gawo 1 | konza terminal ExampLe: Chipangizo # sinthani terminal |
Ikulowetsani masinthidwe apadziko lonse lapansi. |
| Gawo 2 | wan wan-name adasokoneza SSID-name ExampLe: Chipangizo(config)# wan WPA3 1 WPA3 |
Ikulowetsani kachitidwe kakang'ono ka WLAN. |
| Gawo 3 | palibe chitetezo wpa akm dot1x ExampLe: Chipangizo(config-wlan)# palibe chitetezo wpaakm dot1x |
Imayimitsa chitetezo AKM pa dot1x. |
| Gawo 4 | palibe chitetezo ft over-the-ds ExampLe: Chipangizo(config-wlan)# palibe chitetezo ft over-the-ds |
Imayimitsa kusintha kwachangu kugwero la data pa WLAN. |
| Gawo 5 | palibe chitetezo ft ExampLe: Chipangizo(config-wlan)# palibe chitetezo ft |
Imaletsa kusintha kwa 802.11r pa WLAN. |
| Gawo 6 | palibe chitetezo wpa wpa2 EksampLe: Chipangizo(config-wlan)# palibe chitetezo wpa wpa2 |
Imalepheretsa chitetezo cha WPA2. PMF ndiyoyimitsidwa tsopano. |
| Gawo 7 | chitetezo wpa wpa2 ciphers aes ExampLe: Chipangizo(config-wlan)# chitetezo wpa wpa2 ciphers aes |
Kukhazikitsa WPA2 cipher. Zindikirani Mutha kuyang'ana ngati cipher imakonzedwa popanda chitetezo wpa wpa2 ciphers aes command. Ngati cipher sinakhazikitsidwenso, konzani fayilo ya cipher. |
| Gawo 8 | chitetezo wpa psk set-key ascii mtengo wogawana-kiyi ExampLe: Chipangizo(config-wlan)# chitetezo wpa psk set-key ascii 0 Cisco123 |
Imatchula kiyi yokonzedweratu. |
| Gawo 9 | chitetezo wpa wpa3 EksampLe: Chipangizo(config-wlan)# chitetezo wpa wpa3 |
Imathandizira thandizo la WPA3. |
| Gawo 10 | chitetezo wpa akm kuona EksampLe: Chipangizo(config-wlan)# chitetezo wpa akm sae |
Imathandizira thandizo la AKM SAE. |
| Gawo 11 | chitetezo wpa akm see pwe {h2e | hnp | zonse-h2e-hnp} ExampLe: Chipangizo(config-wlan)# chitetezo wpa akm see pwe |
Imathandizira thandizo la AKM SAE PWE. PWE imathandizira zotsatirazi: • h2e—Hash-to-Element yokha; imalepheretsa Hnp. • hnp—Kusaka ndi Pecking kokha; imalepheretsa H2E. • Both-h2e-hnp—Zonse za Hash-to-Element ndi Hunting ndi Pecking support (Ndiyo njira yokhazikika). |
| Gawo 12 | palibe shutdown ExampLe: Chipangizo(config-wlan)# palibe kuzimitsa |
Imathandizira WLAN. |
| Gawo 13 | kumaliza EksampLe: Chipangizo(config-wlan)# end |
Kubwerera ku mawonekedwe amwayi a EXEC. |
Kutsimikizira Thandizo la WPA3 SAE H2E mu WLAN
Ku view katundu wa WLAN (njira ya PWE) kutengera WLAN ID, gwiritsani ntchito lamulo ili:
Kuti mutsimikizire kuyanjana kwamakasitomala omwe agwiritsa ntchito njira ya PWE monga H2E kapena Hnp, gwiritsani ntchito lamulo ili:
Ku view kuchuluka kwa zotsimikizika za SAE pogwiritsa ntchito H2E ndi HnP, gwiritsani ntchito lamulo ili:
Kuthandizira kwa Hash-to-Element kwa Chinsinsi cha Mawu achinsinsi mu SAE Authentication
Zolemba / Zothandizira
 |
CISCO Yophatikizidwa ndi Wireless Controller Catalyst Access Points [pdf] Buku Logwiritsa Ntchito Malo Ophatikizidwa Opanda Mawaya Othandizira Othandizira, Malo Othandizira Opanda Ziwaya, Malo Othandizira Othandizira, Malo Othandizira, Malo Ofikira, Mfundo |