< Home

Security Profile

Procedure

  • Create a security profile.
    1. Choose Configuration > Wireless Services > Profile > Wireless Service > Security Profile. The Security Profile List page is displayed.
    2. Click Create. The Create Security Profile page is displayed.
    3. Enter the name of the new security profile in Profile name.

      To copy all parameters from another profile to the new profile, select the name of the profile in Copy parameters from other profiles. If None is selected, parameters are not copied from another profile.

    4. Click OK. The parameter setting page of the new security profile is displayed.



    5. Set parameters for creating a security profile. Table 1 describes the parameters for creating a security profile.

      Table 1 Parameters for creating a security profile

      Parameter

      Description

      Security Profile

      Name of the security profile, which cannot be modified.

      Security policy

      Security policy of the security profile.

      Authentication type

      Authentication mode of the security policy.

      Encryption mode

      Encryption mode of the security policy.

      WPA encryption mode

      Encryption mode of the security policy.

      WPA2 encryption mode

      Encryption mode of the security policy.

      Password type

      Password type, which is a hexadecimal number or a passphrase.

      Key No.

      Key number, which you can select from the drop-down list box.

      Key

      Key of the security profile.

      PTK update interval

      Whether to enable periodic PTK update during WPA/WPA2/WPA-WPA2 encryption.

      PTK update interval

      PTK update interval during WPA/WPA2/WPA-WPA2 encryption. A smaller update interval indicates more frequent PTK updates and more secure data encryption. However, if the PTK update interval is set too small, the STA and AP implement more PTK negotiations, affecting the throughput.

      Management frame protection

      Whether to enable management frame protection.

      Forcibly enable management frame protection

      Whether to forcibly enable management frame protection.

      Specify AC private key file/key

      Private key file and key of the AC certificate specified for the security profile when the security policy is set to WAPI.

      Specify AC certificate/key

      AC certificate and key specified for the security profile when the security policy is set to WAPI.

      NOTE:

      The certificates must be valid and correct.

      Specify issuer's certificate/key

      Issuer certificate and key specified for the security profile when the security policy is set to WAPI. The issuer certificate helps to check whether the AC certificate is modified.

      Specify ASU certificate/key

      ASU certificate and key specified for the security profile when the security policy is set to WAPI.

      NOTE:

      If the authentication system uses only two certificates, the issuer certificate is the same as the ASU certificate, with the same file name. If the authentication system uses three certificates, the issuer certificate and ASU certificate are different from each other and both must be imported.

      The certificates must be valid and correct.

      ASU IP

      IP address of the ASU server when the security policy is set to WAPI.

      NOTE:

      The parameter determines to which ASU server WAPI packets are sent. Users must ensure the correctness of both ASU certificates and ASU servers; otherwise, users may fail the authentication.

      Retransmission count of certificate authentication packets

      Number of certificate authentication packet retransmissions specified for the security profile when the security policy is set to WAPI.

      Association timeout interval

      Timeout period of a security association (SA).

      BK lifetime percentage

      BK lifetime percentage.

      BK update interval

      BK update interval.

      Key update

      Key update function. You can select Unicast Key Update, Multicast Key Update, or both.
      Unicast Key Update/Multicast Key Update

      Update interval

      Key update interval. When the key update mode is set to time-based key update, the key update interval needs to be configured.

      Retransmission count of negotiation packets

      Number of key negotiation packet retransmissions.

    6. Click Apply. In the Info dialog box that is displayed, click OK.
  • Modify a security profile.
    1. Choose Configuration > Wireless Services > Profile > Wireless Service > Security Profile. The Security Profile List page is displayed.
    2. Click the name of the security profile that you want to modify. The security profile configuration page is displayed.
    3. Set parameters for modifying a security profile. Table 1 describes the parameters for modifying a security profile.
    4. Click Apply. In the Info dialog box that is displayed, click OK.
  • Delete a security profile.
    1. Choose Configuration > Wireless Services > Profile > Wireless Service > Security Profile. The Security Profile List page is displayed.
    2. Select the profile that you want to delete and click Delete. In the Confirm dialog box that is displayed, click OK.
  • Display the profile reference relationship.
    1. Choose Configuration > Wireless Services > Profile > Wireless Service > Security Profile. The Security Profile List page is displayed.
    2. Select the profile of which you want to display the reference relationship and click Display Reference Relationship. The system displays the types and names of the objects that reference the profile.

      Click Hide Reference Relationship. The system hides the displayed results.

Parent Topic: Wireless Service
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >