Amaphoyinti Okufinyelela Okulawula Okungenantambo Ashumekiwe
Umhlahlandlela Womsebenzisi
Amaphoyinti Okufinyelela Okulawula Okungenantambo Ashumekiwe
Usekelo lwe-Hash-to-Element ye-Password Element ku-SAE Authentication
- I-Hash-to-Element (H2E), ekhasini 1
- I-YANG (imodeli ye-RPC), ekhasini 1
- Ilungiselela i-WPA3 SAE H2E, ekhasini lesi-2
- Ukuqinisekisa Ukusekelwa kwe-WPA3 SAE H2E ku-WLAN, ekhasini lesi-4
I-Hash-to-Element (H2E)
I-Hash-to-Element (H2E) iyindlela entsha ye-SAE Password Element (PWE). Ngale ndlela, i-PWE eyimfihlo esetshenziswa kuphrothokholi ye-SAE yenziwa ngephasiwedi.
Lapho i-STA esekela i-H2E iqala i-SAE nge-AP, ihlola ukuthi i-AP iyayisekela yini i-H2E. Uma kunjalo, i-AP isebenzisa i-H2E ukuze ithole i-PWE ngokusebenzisa inani elisanda kuchazwa Lekhodi Yesimo kumlayezo we-SAE Commit.
Uma i-STA isebenzisa i-Hunting-and-Pecking, yonke i-SAE exchange ihlala ingashintshile.
Ngenkathi usebenzisa i-H2E, ukutholwa kwe-PWE kuhlukaniswe izingxenye ezilandelayo:
- Ukutholwa kwento eyimfihlo yomlamuli PT kusuka kuphasiwedi. Lokhu kungenziwa ungaxhunyiwe ku-inthanethi uma iphasiwedi ilungiswa ekuqaleni kudivayisi yeqembu ngalinye elisekelwayo.
- Ukukhishwa kwe-PWE ku-PT egciniwe. Lokhu kuncike eqenjini okuxoxiswene ngalo kanye namakheli e-MAC ontanga. Lokhu kwenziwa ngesikhathi sangempela ngesikhathi sokushintshisana kwe-SAE.
Qaphela
- Indlela ye-H2E iphinde ihlanganise ukuvikelwa ekuhlaselweni kwe-Group Downgrade indoda ephakathi nendawo. Ngesikhathi sokushintshisana kwe-SAE, ontanga bashintshanisa izinhlu zamaqembu anqatshiwe ahlanganiswe kokuphuma kwe-PMK. Intanga ngayinye iqhathanisa uhlu olutholiwe nohlu lwamaqembu asekelwayo, noma yikuphi ukungafani kuthola ukuhlaselwa kokwehliswa bese kunqamula ukuqinisekiswa.
I-YANG (imodeli ye-RPC)
Ukuze udale i-RPC yemodi ye-SAE Password Element (PWE), sebenzisa imodeli ye-RPC elandelayo:
Qaphela
Umsebenzi wokususa wenza isenzo esisodwa ngesikhathi ngenxa yomkhawulo wamanje we-infra. Okusho ukuthi, kumojula ye-YANG, ukusebenza kokususa kumanodi amaningi akusekelwe.
Ilungiselela i-WPA3 SAE H2E
| Inqubo | Umyalo noma Isenzo | Inhloso |
| Isinyathelo 1 | lungisa itheminali Example: Idivayisi# lungiselela itheminali |
Ingena kumodi yokucushwa komhlaba wonke. |
| Isinyathelo 2 | wan wan-name wehlisiwe SSID-igama Example: Idivayisi(config)# wan WPA3 1 WPA3 |
Ifaka imodi engaphansi yokucushwa kwe-WLAN. |
| Isinyathelo 3 | akukho ukuphepha wpa akm dot1x Example: Idivayisi(config-wlan)# akukho ukuphepha wpaakm dot1x |
Ikhubaza i-AKM yokuphepha ye-dot1x. |
| Isinyathelo 4 | akukho ukuphepha ft phezu-the-ds Eksample: Idivayisi(config-wlan)# akukho ukuphepha ft phezu-the-ds |
Ikhubaza ukushintshwa okusheshayo phezu komthombo wedatha ku-WLAN. |
| Isinyathelo 5 | akukho zokuphepha ft Example: Idivayisi(config-wlan)# akukho ft |
Ikhubaza inguquko esheshayo engu-802.11r ku-WLAN. |
| Isinyathelo 6 | akukho ukuphepha wpa wpa2 Eksample: Idivayisi(config-wlan)# akukho ukuphepha wpa wpa2 |
Ikhubaza ukuphepha kwe-WPA2. I-PMF ikhutshaziwe manje. |
| Isinyathelo 7 | ukuphepha wpa wpa2 ciphers aes Example: Idivayisi(config-wlan)# ukuphepha wpa wpa2 ciphers aes |
Ilungiselela i-WPA2 cipher. Qaphela Ungahlola ukuthi i-cipher imisiwe ngokusebenzisa ukuphepha kwe-wpa wpa2 ciphers aes umyalo. Uma i-cipher ingasethiwe kabusha, lungiselela i- i-cipher. |
| Isinyathelo 8 | i-wpa yezokuphepha ye-psk setha-ukhiye we-ascii inani lokhiye owabiwe ngaphambili Eksample: Idivayisi(config-wlan)# security wpa psk set-key ascii 0 Cisco123 |
Icacisa ukhiye oshiwo ngaphambili. |
| Isinyathelo 9 | ukuphepha wpa wpa3 Eksample: Idivayisi(config-wlan)# security wpa wpa3 |
Inika amandla usekelo lwe-WPA3. |
| Isinyathelo 10 | ukuphepha wpa akm ubone Example: Idivayisi(config-wlan)# security wpa akm sae |
Inika amandla usekelo lwe-AKM SAE. |
| Isinyathelo 11 | ukuphepha wpa akm sae pwe {h2e | hnp | kokubili-h2e-hnp} Example: Idivayisi(config-wlan)# security wpa akm sae pwe |
Inika amandla usekelo lwe-AKM SAE PWE. I-PWE isekela izinketho ezilandelayo: • h2e—Hash-to-Element kuphela; ikhubaza i-Hnp. • hnp—Ukuzingela nokuPecking kuphela; ikhubaza i-H2E. • I-Both-h2e-hnp—Kokubili i-Hash-to-Element kanye nokusekelwa kwe-Hunting and Pecking (Inketho ezenzakalelayo). |
| Isinyathelo 12 | akukho ukuvala shaqa Example: Idivayisi(config-wlan)# akukho ukuvala shaqa |
Inika amandla i-WLAN. |
| Isinyathelo 13 | phetha Example: Idivayisi(config-wlan)# end |
Ibuyela kumodi ye-EXEC enelungelo. |
Iqinisekisa ukwesekwa kwe-WPA3 SAE H2E ku-WLAN
Kuya view izakhiwo ze-WLAN (indlela ye-PWE) esekelwe ku-ID ye-WLAN, sebenzisa umyalo olandelayo:
Ukuze uqinisekise inhlangano yamakhasimende asebenzise indlela ye-PWE njenge-H2E noma i-Hnp, sebenzisa umyalo olandelayo:
Kuya view inombolo yokuqinisekisa kwe-SAE usebenzisa i-H2E ne-HnP, sebenzisa umyalo olandelayo:
Usekelo lwe-Hash-to-Element ye-Password Element ku-SAE Authentication
Amadokhumenti / Izinsiza
 |
I-CISCO Eshumekiwe Amaphoyinti Okufinyelela Isilawuli Esingenantambo [pdf] Umhlahlandlela Womsebenzisi Amaphoyinti Okufinyelela Okungena Kwesilawuli Esingenantambo Esishumekiwe, Amaphoyinti Okufinyelela Ye-Catalyst yesilawuli Okungenantambo, Amaphoyinti okufinyelela e-Catalyst yesilawuli, Amaphoyinti okufinyelela e-Catalyst, Amaphoyinti okufinyelela, Amaphoyinti |