I-CISCO ifakwe kwi-Wireless Controller ye-Catalyst yokuFikelela iiNdawo zeSikhokelo soMsebenzisi

IiNdawo zoFikelelo zoFikelelo lwe-Wireless Catalyst
Isikhokelo somsebenzisi

Imixholo fihla

1 IiNdawo zoFikelelo zoFikelelo lwe-Wireless Catalyst

2 Hash-to-Element (H2E)

3 YANG (imodeli yeRPC)

4 Ukuqwalasela i-WPA3 SAE H2E

5 Ukuqinisekisa i-WPA3 SAE H2E Inkxaso kwi-WLAN

6 Amaxwebhu / Izibonelelo

6.1 Iimbekiselo

IiNdawo zoFikelelo zoFikelelo lwe-Wireless Catalyst

Inkxaso yeHash-to-Element yePassword Element kwi-SAE Authentication

IHash-to-Element (H2E), kwiphepha loku-1

YANG (imodeli yeRPC), kwiphepha loku-1
Ukuqwalasela i-WPA3 SAE H2E, kwiphepha lesi-2

Ukuqinisekisa i-WPA3 SAE H2E Inkxaso kwi-WLAN, kwiphepha lesi-4

Hash-to-Element (H2E)

I-Hash-to-Element (H2E) yindlela entsha ye-SAE Password Element (PWE). Ngale ndlela, i-PWE eyimfihlo esetyenziswa kwi-protocol ye-SAE yenziwa kwi-password.
Xa i-STA exhasa i-H2E iqalisa i-SAE nge-AP, ijonga ukuba i-AP iyayixhasa i-H2E. Ukuba ewe, i-AP isebenzisa i-H2E ukufumana i-PWE ngokusebenzisa ixabiso leKhowudi yeNdawo esanda kuchazwa kumyalezo we-SAE Commit.
Ukuba i-STA isebenzisa i-Hunting-and-Pecking, yonke i-SAE yotshintshiselwano ihlala ingatshintshi.
Ngelixa usebenzisa i-H2E, i-PWE derivation yahlulwe yangamacandelo alandelayo:

Ukutsalwa kwento eyimfihlo yesilamli PT ukusuka kwigama lokugqitha. Oku kunokwenziwa ngaphandle kweintanethi xa igama lokugqitha liqwalaselwe okokuqala kwisixhobo kwiqela ngalinye elixhaswayo.
Ukukhutshwa kwe-PWE kwi-PT egciniweyo. Oku kuxhomekeke kwiqela ekuthethwe ngalo kunye needilesi ze-MAC zoontanga. Oku kwenziwa ngexesha langempela ngexesha lotshintshiselwano lwe-SAE.

Phawula

Indlela ye-H2E ikwabandakanya ukhuseleko kuhlaselo lweGroup Downgrade indoda ephakathi. Ngexesha lotshintshiselwano lwe-SAE, oontanga batshintshisa uluhlu lwamaqela anqatshiwe ahlanganiswe kwi-PMK derivation. Intanga nganye ithelekisa uluhlu olufunyenweyo kunye noluhlu lwamaqela axhaswayo, nayiphi na ingxabano ibona ukuhlaselwa kokunciphisa kwaye iphelisa ukuqinisekiswa.

YANG (imodeli yeRPC)

Ukwenza i-RPC yemo ye-SAE Password Element (PWE), sebenzisa le modeli ilandelayo ye-RPC:
Phawula

Umsebenzi wokucima wenza intshukumo ibe nye ngexesha ngenxa yomda wangoku we-infra. Oko kukuthi, kwimodyuli yeYANG, umsebenzi wokucima kwiindawo ezininzi azixhaswanga.

Ukuqwalasela i-WPA3 SAE H2E

Inkqubo	Umyalelo okanye isenzo	Injongo
Inyathelo loku-1	qwalasela i-terminal Example: Isixhobo# qwalasela i-terminal	Ingena kwimowudi yoqwalaselo yehlabathi.
Inyathelo loku-2	wan wan-igama liyekile SSID-igama Example: Isixhobo(config)# wan WPA3 1 WPA3	Ingenisa imowudi yoqwalaselo ye-WLAN.
Inyathelo loku-3	akukho ukhuseleko wpa akm dot1x Example: Isixhobo(config-wlan)# akukho khuseleko wpaakm dot1x	Ivala ukhuseleko lwe-AKM ye-dot1x.
Inyathelo loku-4	akukho lukhuseleko ft phezu-the-ds Example: Isixhobo(config-wlan)# akukho khuseleko ft phezu kwe-ds	Ikhubaza utshintsho olukhawulezayo kumthombo wedatha kwiWLAN.
Inyathelo loku-5	akukho khuseleko ft Example: Isixhobo(config-wlan)# akukho ukhuseleko ft	Ikhubaza i-802.11r inguqu ekhawulezayo kwi-WLAN.
Inyathelo loku-6	akukho lukhuseleko wpa wpa2 Eksample: Isixhobo(config-wlan)# akukho khuseleko wpa wpa2	Ivala ukhuseleko lweWPA2. I-PMF ikhubazekile ngoku.
Inyathelo loku-7	ukhuseleko wpa wpa2 ciphers aes Example: Isixhobo(config-wlan)# ukhuseleko wpa wpa2 ciphers aes	Iqwalasela i-WPA2 i-cipher. Qaphela Ungajonga ukuba i-cipher iqwalaselwe ngokusebenzisa akukho khuseleko wpa wpa2 ciphers aes command. Ukuba i-cipher ayimiselwanga ngokutsha, qwalasela i i-cipher.
Inyathelo loku-8	ukhuseleko wpa psk seti-isitshixo se-ascii ixabiso ekwabelwana ngalo-isitshixo Example: Isixhobo(config-wlan)# ukhuseleko wpa psk set-key ascii 0 Cisco123	Ixela iqhosha elixelwe kwangaphambili.
Inyathelo loku-9	ukhuseleko wpa wpa3 Eksample: Isixhobo(config-wlan)# ukhuseleko wpa wpa3	Yenza inkxaso ye-WPA3.
Inyathelo loku-10	ukhuseleko wpa akm see Example: Isixhobo(config-wlan)# ukhuseleko wpa akm sae	Yenza inkxaso ye-AKM SAE.
Inyathelo loku-11	ukhuseleko wpa akm sae pwe {h2e \| hnp \| zombini-h2e-hnp} Example: Isixhobo(config-wlan)# ukhuseleko wpa akm sae pwe	Yenza inkxaso ye-AKM SAE PWE. I-PWE ixhasa ezi ndlela zilandelayo: • h2e—Hash-to-Element kuphela; ikhubaza i-Hnp. • hnp—Ukuzingela nokuPecking kuphela; ikhubaza i-H2E. • I-Both-h2e-hnp-Zombini i-Hash-to-Element kunye nenkxaso yokuHunting kunye ne-Pecking (Yeyona ndlela ikhethiweyo).
Inyathelo loku-12	akukho citdown Example: Isixhobo(config-wlan)# akukho luciko	Yenza iWLAN.
Inyathelo loku-13	isiphelo Eksample: Isixhobo(config-wlan)# ekupheleni	Ibuyisela kwimo ye-EXEC enelungelo.

Ukuqinisekisa i-WPA3 SAE H2E Inkxaso kwi-WLAN

Ukuya view iipropati ze-WLAN (indlela ye-PWE) esekwe kwi-ID ye-WLAN, sebenzisa lo myalelo ulandelayo:

Ukuqinisekisa umanyano lwabathengi abasebenzise indlela ye-PWE njenge-H2E okanye i-Hnp, sebenzisa lo myalelo ulandelayo:

Ukuya view inani loqinisekiso lwe-SAE usebenzisa i-H2E ne-HnP, sebenzisa lo myalelo ulandelayo:

Inkxaso yeHash-to-Element yePassword Element kwi-SAE Authentication

Amaxwebhu / Izibonelelo

IiNdawo zokuFikelela kwi-CISCO yoMlawuli ongenazingcingo [pdf] Isikhokelo somsebenzisi
IiNdawo zokuFikelela zesiLawuli esingenaMcingo eziNgenamngcingo, iiNdawo zokuFikelela zoMlawuli ongenazingcingo, iiNdawo zokuFikelela zoMlawuli, iiNdawo zokuFikelela, iiNdawo zokuFikelela, iiNdawo

Iimbekiselo

Incwadi yokusebenzisa