Using EAP-TTLS and WPA EAP-TTLS Authentication Security on a Wireless Zebra Tabletop Printer

Similar documents
Using PEAP and WPA PEAP Authentication Security on a Zebra Wireless Tabletop Printer

WPA - Setup for the Wireless Printers

Zebra Mobile Printer, Microsoft IAS, Cisco Controller TLS and WPA-TLS, Zebra Setup Utility

Zebra Mobile Printer, Zebra Setup Utility, Cisco ACS, Cisco Controller PEAP and WPA-PEAP

Configuring Funk Odyssey Software, Avaya AP-3 Access Point, and Avaya

Zebra Setup Utility, Zebra Mobile Printer, Microsoft NPS, Cisco Access Point, PEAP and WPA-PEAP

Zebra Setup Utility, Zebra Mobile Printer, Microsoft IAS, Cisco Access Point, PEAP and WPA-PEAP

Protected EAP (PEAP) Application Note

Zebra Setup Utility, Zebra Mobile Printer, Microsoft NPS, Cisco Controller, PEAP and WPA-PEAP

Configuring the Client Adapter through Windows CE.NET

Install Certificate on the Cisco Secure ACS Appliance for PEAP Clients

Configuring the Client Adapter through the Windows XP Operating System

Zebra Setup Utility, Zebra Mobile Printer, Cisco ACS, Cisco Access Point, EAP-FAST, WPA-EAP-FAST

Aruba PEAP-GTC Supplicant Plug-In Guide

Configuring the Client Adapter through the Windows XP Operating System

Grandstream Networks, Inc. Captive Portal Authentication via RADIUS

Wireless LAN Security. Gabriel Clothier

A Division of Cisco Systems, Inc. GHz g. Wireless-G. USB Network Adapter. User Guide WIRELESS WUSB54G. Model No.

Zebra Setup Utility, Zebra Mobile Printer, IAS, Symbol / Motorola Access point, PEAP and WPA-PEAP

Cisco Secure ACS for Windows v3.2 With PEAP MS CHAPv2 Machine Authentication

A Division of Cisco Systems, Inc. GHz g. Wireless-G. PCI Adapter with SRX 400. User Guide WIRELESS WMP54GX4. Model No.

GHz g. Wireless A+G. User Guide. Notebook Adapter. Dual-Band. Dual-Band WPC55AG a. A Division of Cisco Systems, Inc.

Wireless-N. User Guide. USB Network Adapter WUSB300N WIRELESS. Model No.

Summary. Deployment Guide: Configuring the Cisco Wireless Security Suite 1 OL

Package Content IEEE g Wireless LAN USB Adapter... x 1 Product CD-ROM.x 1

UMDNJ Wireless Documentation Windows 7

Lab Configuring LEAP/EAP using Cisco Secure ACS (OPTIONAL)

ClearPass QuickConnect 2.0

Authentication and Security: IEEE 802.1x and protocols EAP based

Secure ACS for Windows v3.2 With EAP TLS Machine Authentication

Network Systems. Bibliography. Outline. General principles about Radius server. Radius Protocol

Zebra Setup Utility, Zebra Mobile Printer, NPS, Symbol / Motorola Access point, PEAP and WPA-PEAP

Instructions for connecting to the FDIBA Wireless Network. (Windows XP)

Configuring Authentication Types

IEEE 802.1X workshop. Networkshop 34, 4 April Josh Howlett, JRS Technical Support, University of Bristol. Copyright JNT Association

Configuring Cipher Suites and WEP

NCR. Wi-Fi Setup Assistant. User guide

Using the Cisco Unified Wireless IP Phone 7921G Web Pages

PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL

Configure RADIUS DTLS on Identity Services Engine

Configuring the WMIC for the First Time

FAQ on Cisco Aironet Wireless Security

A Division of Cisco Systems, Inc. GHz 2, g. Wireless-G. User Guide. PCI Adapter WIRELESS. with SpeedBooster WMP54GS (EU/UK/LA) Model No.

Configuring RADIUS Clients

NWD2705. User s Guide. Quick Start Guide. Dual-Band Wireless N450 USB Adapter. Version 1.00 Edition 1, 09/2012

Numerics INDEX. 2.4-GHz WMIC, contrasted with 4.9-GHz WMIC g 3-6, x authentication 4-13

CUA-854 Wireless-G Long Range USB Adapter with Antenna. User s Guide

TestsDumps. Latest Test Dumps for IT Exam Certification

New Windows build with WLAN access

Internet Access: Wireless WVU.Encrypted Network Connecting a Windows 7 Device

Configuring the Access Point/Bridge for the First Time

Wireless-N Business Notebook Adapter

b/g/n 1T1R Wireless USB Adapter. User s Manual

MCSA Guide to Networking with Windows Server 2016, Exam

Exam Questions CWSP-205

SE-WL-PCI-03-11G PCI CARD DRIVERS INSTALLATION. Table of Contents

Protected EAP (PEAP) Application Note

802.1X Environment Establishment and Telephone Set Configuration Description

Network Security 1. Module 7 Configure Trust and Identity at Layer 2

MZ Firmware Release Notes

Configuring Funk RADIUS to Authenticate Cisco Wireless Clients With LEAP

802.1x Port Based Authentication

MZ Firmware Release Notes

Instructions for connecting to the FDIBA Wireless Network (Windows Vista)

Configuring 802.1X Settings on the WAP351

Exam : PW Title : Certified wireless security professional(cwsp) Version : DEMO

Csci388. Wireless and Mobile Security Access Control: 802.1X, EAP, and RADIUS. Importance of Access Control. WEP Weakness. Wi-Fi and IEEE 802.

AmbiCom WL11-SD Wireless LAN SD Card. User Manual

Using the Cisco Unified Wireless IP Phone 7921G Web Pages

Wired Dot1x Version 1.05 Configuration Guide

802.1X: Deployment Experiences and Obstacles to Widespread Adoption

Configuring 802.1X Authentication Client for Windows 8

Instructions for connecting to winthropsecure

For my installation, I created a VMware virtual machine with 128 MB of ram and a.1 GB hard drive (102 MB).

Table of Contents. Chapter1 About g Wireless LAN USB Adapter...1

IMPORTANT INFORMATION FOR CURTIN WIRELESS ACCESS - STUDENT / WINDOWS XP -

Intelligent IP-Enabled Access Control Solutions

Configuration Guide. For 802.1X VLAN Assignment and MAB. T2600G-28TS _v2_ or Above T2600G-52TS_v2_ or Above

Configuring a VAP on the WAP351, WAP131, and WAP371

PEAP under Unified Wireless Networks with ACS 5.1 and Windows 2003 Server

Configure 802.1x - PEAP with FreeRadius and WLC 8.3

Configure Wireless for Windows 7

Technical Training Guide for SimplicityTouch IFP Model Numbers Covered: 70 ST-700, Generation 2 (802.11ac)

Cisco 4400 Series Wireless LAN Controllers PEAP Under Unified Wireless Networks with Microsoft Internet Authentication Service (IAS)

Procedure: You can find the problem sheet on the Desktop of the lab PCs.

The SSID to use and the credentials required to be used are listed below for each type of account: SSID TO CREDENTIALS TO BE USED:

Part 1: Connecting to HawkNET on your Windows XP PC

Internet access system through the Wireless Network of the University of Bologna (last update )

Cisco Exam Questions and Answers (PDF) Cisco Exam Questions BrainDumps

Content and Purpose of This Guide... 1 User Management... 2

ilight/gigapop eduroam Discussion Campus Network Engineering

Exam Questions SY0-401

HPE IMC BYOD WLAN 802.1X Authentication and Security Check Using inode Configuration Examples

Basic Wireless Settings on the CVR100W VPN Router

Secure Access Configuration Guide For Wireless Clients

Wireless Setup Instructions for Windows

NWD271N. User s Guide. WLAN n USB Adapter. Version /2008 Edition 1

eduroam Web Interface User Guide

IEEE a/b/g Wireless USB 2.0 Adapter. User s Manual Version: 1.2

Troubleshooting CHAPTER

Transcription:

Using EAP-TTLS and WPA EAP-TTLS Authentication Security on a Wireless Zebra Tabletop Printer Q. What is EAP-TTLS? A. Extensible Authentication Protocol- Tunneled Transport Level Security is an IEEE 802.1x EAP security method that uses an initial TLS handshake to authenticate a server to a client using PKI (Public Key Infrastructure) cryptography X.509 digital certificates. Using the secure tunnel established by the TLS handshake, a RADIUS (Remote Authentication Dial-In User Service) server is used to authenticate a client using legacy username and password authentication before allowing wireless access onto the network. The server proves its identity to the client (our Zebra mobile printer) by passing a digital certificate to the printer. A root certificate is stored on the printer which will be used to help prove the identity of the server. The printer authenticates to the server by sending its username and password inside the secure TLS tunnel. Encryption keys are then generated securing all communications traffic between the wireless client and the network. In this example we will be using a Cisco Aironet 1200 access point (the EAP authenticator), and a Windows version of the popular FreeRadius authentication server. The firmware level on the Cisco access point used for this test was 12.3(7)JA. Information on FreeRadius appears later in this document. Our first example will be standard EAP-TTLS, which uses WEP encryption. Our second example will be WPA EAP-TTLS, which uses TKIP encryption. To begin, make sure that the printer model you wish to configure for EAP-TTLS has an SH3 microprocessor. You can determine this by performing a 2-key self test (power on the printer with the Feed button pressed, and release it once the self test starts printing). Verify that in the second part of the test in the Program section that the Software version begins with SH. If your printer does not show this information then you do not have an SH3 processor, which is a requirement for EAP-TTLS authentication on a Zebra mobile printer. Configure the Cisco 1200 AP for EAP-TTLS authentication. In the SSID Manager select your SSID, set Open Authentication with EAP, and no Key Management as shown in the following two screen shots:

In the Encryption Manager set WEP Encryption to Mandatory: Next, configure a RADIUS server entry in the Server Manager. Select the IP address for your RADIUS server and enter its shared secret (we will edit the shared secret on the RADIUS server in the next step). By default the FreeRadius server listens on TCP ports 1812 and 1813. Select the RADIUS server s IP address in the Default Server Priorities (EAP Authentication section).

Configure the FreeRadius server for EAP-TTLS authentication. The FreeRadius server is available under the GNU General Public License (GPL), and is freely downloadable from the internet. For our example we will be using a Windows build of the server that can be downloaded from the FreeRadius.net website (http://www.freeradius.net). To install this version of the FreeRadius server you will need a computer system running Windows XP. Download and install the server. In the FreeRadius.net group click the Edit Clients.conf icon. At the bottom of the file add the following lines to create our test network. This will allow for a range of access points that must also be configured with this same shared secret. client 192.168.1.0/24 { secret = password shortname = private-network-3 } Save the file and open the Eap.conf file for editing. If necessary, edit the line that reads default_eap_type to select the TTLS protocol. Save the file if changes are made. default_eap_type = ttls Open the Radiusd.conf file. Locate the PAP module and change the encryption_scheme to clear text as shown below. Save the file if changes are made. # DEFAULT: crypt pap { encryption_scheme = clear } Next we will create user credentials that our printer will use to login to the network. Open the Users file. Just below the user FreeRADIUS.net-Client add a TTLS user ttls as shown below. Save the file if changes are made. # Test TTLS user ttls Auth-Type := pap, User-zebra1 == "zebra1" Service-Type = Login-User The RADIUS server should now be configured correctly. Start the server in debug mode by selecting the appropriate icon. Once the server is initialized it will be ready to process requests and authenticate users.

Configure the Zebra printer for EAP-TTLS authentication. To configure the Zebra printer for EAP-TTLS authentication we must aquire and store the necessary certificate file on the printer, and configure the appropriate printer parameters to enable EAP-TTLS authentication. For this example we will be using the demo certificate that is supplied with the Windows version of FreeRadius. Locate the DemoCerts folder of your FreeRadius installation. At the time of this writing the default path and version is: C:\Program Files\FreeRADIUS.net-1.0.2-r0.0.8\etc\raddb\certs\FreeRADIUS.net\DemoCerts Only one certificate file is required in order to successfully authenticate our printer using EAP- TTLS (a root certificate from a certificate authority), and a user name and password that has also been properly configured in the RADIUS server (in this example the ttls user that we setup previously). The certificate file must be in PEM format. It needs to have a specific filename, and must be stored in the printer s flash file system. Copy the following file from the FreeRadius DemoCerts folder and place it in a temporary folder. Rename the certificate file as shown below. The file name is not case sensitive. FreeRADIUS.net-Root.crt -> CacertSv.nrd Note: Certificate files are normally generated by a trusted 3 rd -party Certificate Authority (CA). If you are using different certificate files the TTLS section of the Eap.conf file will need to be edited to reference the appropriate files. Also, the root certificate file must be renamed as above and saved to the printer s file system. Setting up the Print Server: The Printer must have firmware x.15.x or higher. To configure the printer use ZebraNet Bridge Enterprise V1.2.1 or higher. From Tools, select the Wireless Setup Wizard. Select EAP-TTLS from the security Mode drop down box:

Next click Certificates to add:

Click next to view the ZPL: ^XA ^WIP,10.17.50.71,255.255.255.0,10.17.50.1 ^WAD,D ^WEOFF,1,O,H,,,, ^WP0,0 ^WR,,,,100 ^WStestnet,I,L ^NBS ^WLOFF,zebra1,zebra1 ^WKOFF,,,, ^WX05,zebra1,zebra1 ^FX: C:\temp\CacertSv.nrd will be downloaded as: CAcertsv.nrd ~DYE:CAcertsv.nrd,A,6,,ddfsaf ^XZ ^XA ^JUS ^XZ Click finish to send to the printer.

The following is an example of the FreeRadius log after a successful connection.

The access point s event log should also contain information regarding the printer s successful connection. Next, we will modify the settings on the Cisco access point and the Zebra printer to use WPA EAP-TTLS. WPA increases security further by using TKIP (Temporal Key Integrity Protocol) as an encryption scheme instead of WEP. All the Cisco access point settings are the same as shown previously for standard EAP-TTLS except for the changes shown in the following two screenshots. Configure the Cisco 1200 AP for WPA EAP-TTLS authentication. In the Encryption Manager click Cipher, and select TKIP from the dropdown box.

In the SSID Manager configure WPA as shown below. Configure the Zebra printer for WPA EAP-TTLS authentication. The Printer must have firmware x.15.x or higher. To configure the printer use ZebraNet Bridge Enterprise V1.2.1 or higher. From Tools, select the Wireless Setup Wizard. Select WPA-EAP-TTLS from the security Mode drop down box:

Click Certificates to add:

Click next to view the ZPL: ^XA ^WIP,10.17.50.71,255.255.255.0,10.17.50.1 ^WAD,D ^WEOFF,1,O,H,,,, ^WP0,0 ^WR,,,,100 ^WStestnet,I,L ^NBS ^WLOFF,zebra1,zebra1 ^WKOFF,,,, ^WX11,zebra1,zebra1 ^FX: C:\temp\CacertSv.nrd will be downloaded as: CAcertsv.nrd ~DYE:CAcertsv.nrd,A,6,,ddfsaf ^XZ ^XA ^JUS ^XZ Click finished to send ZPL to the printer.

The following is an example of the FreeRadius log after a successful WPA connection. The access point s event log should also contain information regarding the printer s successful connection.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback