Libaka tse Kenyellelitsoeng tsa Wireless Controller Catalyst Access Points
Bukana ea Mosebelisi
Libaka tse Kenyellelitsoeng tsa Wireless Controller Catalyst Access Points
Tšehetso bakeng sa Hash-to-Element bakeng sa Password Element ho SAE Authentication
- Hash-to-Element (H2E), leqepheng la 1
- YANG (RPC model), leqepheng la 1
- Ho lokisa WPA3 SAE H2E, leqepheng la 2
- Ho netefatsa Tšehetso ea WPA3 SAE H2E ho WLAN, leqepheng la 4
Hash-to-Element (H2E)
Hash-to-Element (H2E) ke mokhoa o mocha oa SAE Password Element (PWE). Ka mokhoa ona, PWE ea lekunutu e sebelisitsoeng ho protocol ea SAE e hlahisoa ho tsoa ho password.
Ha STA e tšehetsang H2E e qala SAE ka AP, e hlahloba hore na AP e tšehetsa H2E. Haeba ho joalo, AP e sebelisa H2E ho fumana PWE ka ho sebelisa boleng bo sa tsoa hlalosoa ba Status Code molaetseng oa Boitlamo ba SAE.
Haeba STA e sebelisa Hunting-and-Pecking, phapanyetsano eohle ea SAE e lula e sa fetohe.
Ha o ntse o sebelisa H2E, tlhahiso ea PWE e arotsoe ka likarolo tse latelang:
- Ho tlosoa ha karolo ea lekunutu ea PT ho tsoa ho password. Sena se ka etsoa offline ha phasewete qalong configured ka sesebediswa bakeng sa e mong le e tšehetso sehlopha.
- Ho ntšoa ha PWE ho tsoa ho PT e bolokiloeng. Sena se ipapisitse le sehlopha se buisanoeng le liaterese tsa MAC tsa lithaka. Sena se etsoa ka nako ea nnete nakong ea phapanyetsano ea SAE.
Hlokomela
- Mokhoa oa H2E o boetse o kenyelletsa tšireletso khahlanong le litlhaselo tsa banna ba bohareng ba Group Downgrade. Nakong ea phapanyetsano ea SAE, lithaka li fapanyetsana lethathamo la lihlopha tse lahliloeng tse kopantsoeng ho tsoa ho PMK. Mothaka e mong le e mong o bapisa lethathamo le amoheloang le lenane la lihlopha tse tšehetsoeng, ho se lumellane hofe kapa hofe ho lemoha tlhaselo ea ho theoha le ho felisa ho netefatsa.
YANG (mohlala oa RPC)
Ho theha RPC bakeng sa mokhoa oa SAE Password Element (PWE), sebelisa mofuta o latelang oa RPC:
Hlokomela
Ts'ebetso ea ho hlakola e etsa ketso e le 'ngoe ka nako ka lebaka la moedi oa hajoale oa infra. Ke hore, ho YANG module, ts'ebetso ea ho hlakola ho li-node tse ngata ha e tšehetsoe.
Ho lokisa WPA3 SAE H2E
| Tsamaiso | Taelo kapa Ketso | Morero |
| Mohato oa 1 | lokisa terminal ExampLe: Sesebelisoa # lokisa terminal |
E kenya mokhoa oa tlhophiso ea lefats'e. |
| Mohato oa 2 | wan wan-name o fokotsehile SSID-lebitso ExampLe: Sesebelisoa(config)# wan WPA3 1 WPA3 |
E kenya mokhoa o monyane oa tlhophiso ea WLAN. |
| Mohato oa 3 | ha ho tshireletso wpa akm dot1x ExampLe: Sesebelisoa(config-wlan)# ha ho tshireletso wpaakm dot1x |
E tima ts'ireletso ea AKM bakeng sa dot1x. |
| Mohato oa 4 | no security ft over-the-ds ExampLe: Sesebelisoa(config-wlan)# ha ho na tshireletso ft over-the-ds |
E thibela phetoho e potlakileng holima mohloli oa data ho WLAN. |
| Mohato oa 5 | ha ho tshireletso ft ExampLe: Sesebelisoa(config-wlan)# ha ho na tshireletso ft |
E thibela phetoho e potlakileng ea 802.11r ho WLAN. |
| Mohato oa 6 | ha ho na tshireletso wpa wpa2 ExampLe: Sesebelisoa(config-wlan)# ha ho tshireletso wpa wpa2 |
E tima ts'ireletso ea WPA2. PMF e holofetse hona joale. |
| Mohato oa 7 | tshireletso wpa wpa2 ciphers aes ExampLe: Sesebelisoa(config-wlan)# tshireletso wpa wpa2 ciphers aes |
E lokisa WPA2 cipher. Tlhokomeliso O ka hlahloba hore na cipher e hlophisitsoe ho se na ts'ireletso ea wpa wpa2 ciphers aes command. Haeba cipher e sa hlophisoa bocha, lokisa cipher/ |
| Mohato oa 8 | tshireletso wpa psk set-key ascii bohlokoa preshared-key ExampLe: Sesebelisoa(config-wlan)# tshireletso wpa psk set-key ascii 0 Cisco123 |
E totobatsa senotlolo se boletsoeng esale pele. |
| Mohato oa 9 | tshireletso wpa wpa3 ExampLe: Sesebelisoa(config-wlan)# tshireletso wpa wpa3 |
E nolofalletsa tšehetso ea WPA3. |
| Mohato oa 10 | tshireletso wpa akm see ExampLe: Sesebelisoa(config-wlan)# tshireletso wpa akm sae |
E nolofalletsa tšehetso ea AKM SAE. |
| Mohato oa 11 | tshireletso wpa akm see pwe {h2e | hnp | bobeli-h2e-hnp} ExampLe: Sesebelisoa(config-wlan)# tshireletso wpa akm sae pwe |
E nolofalletsa tšehetso ea AKM SAE PWE. PWE e tšehetsa likhetho tse latelang: • h2e—Hash-to-Element feela; e thibela Hnp. • hnp—Ho tsoma le ho Pecking feela; E thibela H2E. • Both-h2e-hnp—Both Hash-to-Element le Hunting and Pecking support (Ke khetho ea kamehla). |
| Mohato oa 12 | ha ho shutdown ExampLe: Sesebelisoa(config-wlan)# ha ho na shutdown |
E nolofalletsa WLAN. |
| Mohato oa 13 | qetellong ExampLe: Sesebelisoa(config-wlan)# end |
E khutlela ho mokhoa o khethehileng oa EXEC. |
Ho netefatsa Tšehetso ea WPA3 SAE H2E ho WLAN
Ho view thepa ea WLAN (mokhoa oa PWE) o ipapisitse le ID ea WLAN, sebelisa taelo e latelang:
Ho netefatsa mokhatlo oa bareki ba sebelisitseng mokhoa oa PWE joalo ka H2E kapa Hnp, sebelisa taelo e latelang:
Ho view palo ea netefatso ea SAE e sebelisang H2E le HnP, sebelisa taelo e latelang:
Tšehetso bakeng sa Hash-to-Element bakeng sa Password Element ho SAE Authentication
Litokomane / Lisebelisoa
 |
CISCO E Kenyellelitsoeng Wireless Controller Catalyst Access Points [pdf] Bukana ea Mosebelisi Libaka tse Kenyellelitsoeng tsa Wireless Catalyst Access Points, Sebaka sa ho Finyella Selaoli se se Nang Wireless, Libaka tsa Phihlello tsa Selaoli, Lintlha tsa Phihlello, Lintlha tsa Phihlello, Lintlha. |