Security Profile

Procedure

• Create a security profile.
  1. Choose Configuration > Wireless Services > Profile > Wireless Service > Security Profile. The Security Profile List page is displayed.
  2. Click Create. The Create Security Profile page is displayed.
  3. Enter the name of the new security profile in Profile name.

     To copy all parameters from another profile to the new profile, select the name of the profile in Copy parameters from other profiles. If None is selected, parameters are not copied from another profile.

  4. Click OK. The parameter setting page of the new security profile is displayed.

     
     
     

  5. Set parameters for creating a security profile. Table 9-3 describes the parameters for creating a security profile.
     Table 9-3 Parameters for creating a security profile

     Parameter	Description
     Security Profile	Name of the security profile, which cannot be modified.
     Security policy	Security policy of the security profile.
     Authentication type	Authentication mode of the security policy.
     Encryption mode	Encryption mode of the security policy.
     WPA encryption mode	Encryption mode of the security policy.
     WPA2 encryption mode	Encryption mode of the security policy.
     Password type	Password type, which is a hexadecimal number or a passphrase.
     Key No.	Key number, which you can select from the drop-down list box.
     Key	Key of the security profile.
     PTK update interval	Whether to enable periodic PTK update during WPA/WPA2/WPA-WPA2 encryption.
     PTK update interval	PTK update interval during WPA/WPA2/WPA-WPA2 encryption. A smaller update interval indicates more frequent PTK updates and more secure data encryption. However, if the PTK update interval is set too small, the STA and AP implement more PTK negotiations, affecting the throughput.
     Management frame protection	Whether to enable management frame protection.
     Forcibly enable management frame protection	Whether to forcibly enable management frame protection.
     Specify AC private key file/key	Private key file and key of the AC certificate specified for the security profile when the security policy is set to WAPI.
     Specify AC certificate/key	AC certificate and key specified for the security profile when the security policy is set to WAPI. NOTE: The certificates must be valid and correct.
     Specify issuer's certificate/key	Issuer certificate and key specified for the security profile when the security policy is set to WAPI. The issuer certificate helps to check whether the AC certificate is modified.
     Specify ASU certificate/key	ASU certificate and key specified for the security profile when the security policy is set to WAPI. NOTE: If the authentication system uses only two certificates, the issuer certificate is the same as the ASU certificate, with the same file name. If the authentication system uses three certificates, the issuer certificate and ASU certificate are different from each other and both must be imported. The certificates must be valid and correct.
     ASU IP	IP address of the ASU server when the security policy is set to WAPI. NOTE: The parameter determines to which ASU server WAPI packets are sent. Users must ensure the correctness of both ASU certificates and ASU servers; otherwise, users may fail the authentication.
     Retransmission count of certificate authentication packets	Number of certificate authentication packet retransmissions specified for the security profile when the security policy is set to WAPI.
     Association timeout interval	Timeout period of a security association (SA).
     BK lifetime percentage	BK lifetime percentage.
     BK update interval	BK update interval.
     Key update	Key update function. You can select Unicast Key Update, Multicast Key Update, or both.
     Unicast Key Update/Multicast Key Update
     Update interval	Key update interval. When the key update mode is set to time-based key update, the key update interval needs to be configured.
     Retransmission count of negotiation packets	Number of key negotiation packet retransmissions.

  6. Click Apply. In the Info dialog box that is displayed, click OK.
• Modify a security profile.
  1. Choose Configuration > Wireless Services > Profile > Wireless Service > Security Profile. The Security Profile List page is displayed.
  2. Click the name of the security profile that you want to modify. The security profile configuration page is displayed.
  3. Set parameters for modifying a security profile. Table 9-3 describes the parameters for modifying a security profile.
  4. Click Apply. In the Info dialog box that is displayed, click OK.
• Delete a security profile.
  1. Choose Configuration > Wireless Services > Profile > Wireless Service > Security Profile. The Security Profile List page is displayed.
  2. Select the profile that you want to delete and click Delete. In the Confirm dialog box that is displayed, click OK.
• Display the profile reference relationship.
  1. Choose Configuration > Wireless Services > Profile > Wireless Service > Security Profile. The Security Profile List page is displayed.
  2. Select the profile of which you want to display the reference relationship and click Display Reference Relationship. The system displays the types and names of the objects that reference the profile.

     Click Hide Reference Relationship. The system hides the displayed results.