1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
3 (c) 2005 U.S. Robotics Corporation
7 <title>Wireless « Security</title>
9 <link href="usr_layout.css" type="text/css" rel="stylesheet" /><script src="usr_layout.js" type="text/javascript"></script>
10 <link href="usr_menus_dropdown.css" rel="stylesheet" type="text/css"><script src="usr_menus_dropdown.js" type="text/javascript"></script><script src="usr_menus_build.js" type="text/javascript"></script>
11 <link href="usr_device.css" type="text/css" rel="stylesheet" /><script src="usr_device.js" type="text/javascript"></script><link href="usr_91xx.css" type="text/css" rel="stylesheet" /><script src="usr_91xx.js" type="text/javascript"></script><script src="usr_resources.js" type="text/javascript"></script>
13 <meta HTTP-EQUIV='Pragma' CONTENT='no-cache'>
15 <script type="text/javascript" src="util.js"></script>
16 <script type="text/javascript">
21 var ssidIdx = '<%ejGetWlJS(wlSsidIdx)%>';
22 var enblWireless = '<%ejGetWlJS(wlEnbl)%>';
23 var radiusServerIP = '<%ejGetWlJS(wlRadiusServerIP)%>';
24 var mode = '<%ejGetWlJS(wlAuthMode)%>';
25 var bit = '<%ejGetWlJS(wlKeyBit)%>';
26 var keyIdx = '<%ejGetWlJS(wlKeyIndex)%>';
27 var keys = new Array( "<%ejGetWlJS(wlKey1)%>", "<%ejGetWlJS(wlKey2)%>",
28 "<%ejGetWlJS(wlKey3)%>", "<%ejGetWlJS(wlKey4)%>" );
29 var wpaPskKey = '<%ejGetWlJS(wlWpaPsk)%>';
30 var wpaGTKRekey = '<%ejGetWlJS(wlWpaGTKRekey)%>';
31 var radiusPort = '<%ejGetWlJS(wlRadiusPort)%>';
32 var radiusKey = '<%ejGetWlJS(wlRadiusKey)%>';
33 var wep = '<%ejGetWlJS(wlWep)%>';
34 var wpa = '<%ejGetWlJS(wlWpa)%>';
35 var auth = '<%ejGetWlJS(wlAuth)%>';
36 var wlCorerev = '<%ejGetWlJS(wlCoreRev)%>';
38 var wlRefresh = '<%ejGetWlJS(wlRefresh)%>';
39 var varPreauth = '<%ejGetWlJS(wlPreauth)%>';
40 var varNetReauth = <%ejGetWlJS(wlNetReauth)%> / 60;
42 var bWDS = ("<%ejGetWlJS(wlLazyWds)%>" != "1");
43 var apMode = "<%ejGetWlJS(wlMode)%>";
44 if ( wlRefresh == '1' )
45 window.location = "wlsecrefresh.wl?wlRefresh=0";
47 function getCipherIndex(cipher) {
50 if ( cipher == "tkip" )
52 else if ( cipher == "aes" )
54 else if( cipher == "tkip+aes" )
62 function isValidWPAPskKey(val) {
68 if ( len >= minSize && len < maxSize )
70 else if ( len == maxSize ) {
71 for ( i = 0; i < maxSize; i++ )
72 if ( isHexaDigit(val.charAt(i)) == false )
82 function setVisibilityWEPkeys(bShow)
84 setVisibility("idKeyType", bShow);
85 setVisibility("idKeyIx", bShow);
86 setVisibility("idKey1", bShow);
87 setVisibility("idKey2", bShow);
88 setVisibility("idKey3", bShow);
89 setVisibility("idKey4", bShow);
92 function hideAllElements()
94 setVisibility("wlWpaD", false);
95 setVisibility("wpaPreShareKey", false);
96 setVisibility("wpaGTKRekey", false);
98 setVisibility("idRADIUSserver", false);
99 setVisibility("idRADIUSport", false);
100 setVisibility("idRADIUSkey", false);
102 setVisibility("Preauth", false);
103 setVisibility("NetReauth", false);
105 // Don't let 802.1x users disable WEP encryption
106 setVisibility("wlWepD", false);
108 setVisibilityWEPkeys(false);
110 //setVisibility("keyInfo", false);
113 function encrypChange()
115 with ( document.forms[0] )
117 var cwep = wlWep[wlWep.selectedIndex].value;
118 var authMode = wlAuthMode[wlAuthMode.selectedIndex].value;
120 var keyValue = wlKeyIndex.value;
122 if (cwep == "enabled")
124 setVisibilityWEPkeys(true);
125 if ((authMode == "open") || (authMode == "shared"))
128 wlKeys[0].disabled = 0;
129 wlKeys[1].disabled = 0;
130 wlKeys[2].disabled = 0;
131 wlKeys[3].disabled = 0;
133 wlKeyIndex.length = 0;
134 wlKeyIndex[0] = new Option("1", "1");
135 wlKeyIndex[1] = new Option("2", "2");
136 wlKeyIndex[2] = new Option("3", "3");
137 wlKeyIndex[3] = new Option("4", "4");
139 else // authMode == "radius"
141 // disable appropriate key fields
142 wlKeys[0].disabled = 1;
143 wlKeys[1].disabled = 0;
144 wlKeys[2].disabled = 0;
145 wlKeys[3].disabled = 1;
147 wlKeyIndex.length = 0;
148 wlKeyIndex[0] = new Option("2", "2");
149 wlKeyIndex[1] = new Option("3", "3");
151 if ((keyValue == "1") || (keyValue == "4"))
157 setVisibilityWEPkeys(false);
160 wlKeyIndex.value = keyValue;
165 function authModeChange(bPageLoad)
167 with ( document.forms[0] )
169 var authMode = wlAuthMode[wlAuthMode.selectedIndex].value;
172 //alert('authModeChange:authMode= "' + authMode+ '" (EOM).');
176 //show adequate forms for each mode
180 wlWep[wlWep.selectedIndex].value = "disabled";
185 //UNNECESSARY? wlWep.selectedIndex = 1;
186 setVisibilityWEPkeys(true);
190 setVisibility("idRADIUSserver", true);
191 setVisibility("idRADIUSport", true);
192 setVisibility("idRADIUSkey", true);
193 //never setVisibility("wlWepD", true);
198 setVisibility("Preauth", true);
199 setVisibility("NetReauth", true);
201 setVisibility("wlWpaD", true);
203 setVisibility("idRADIUSserver", true);
204 setVisibility("idRADIUSport", true);
205 setVisibility("idRADIUSkey", true);
207 setVisibility("wpaGTKRekey", true);
213 setVisibility("wlWpaD", true);
214 setVisibility("wpaGTKRekey", true);
215 setVisibility("wpaPreShareKey", true);
221 wlWpa[0] = new Option("TKIP", "tkip");
225 wlWpa[1] = new Option("AES", "aes");
226 wlWpa[2] = new Option("TKIP and AES", "tkip+aes");
229 // select current value
232 //advice default cipher selection, remove if not desired
235 if (authMode == "wpa" || authMode == "psk")
236 wlWpa.selectedIndex = 0;
237 else if (authMode == "wpa2" || authMode == "psk2")
238 wlWpa.selectedIndex = 1;
239 else if (authMode == "wpa2mix" || authMode == "psk2mix")
240 wlWpa.selectedIndex = 2;
242 wpa = wlWpa[wlWpa.selectedIndex].value;
247 if (authMode == "none")
249 wlWep[0] = new Option("Disabled", "disabled");
250 wlWep[0].selected = true;
252 // Is anyone really going to use WEP open and NOT set a key?? -skst
253 // open, shared, and radius must have wep on
254 else if (authMode == "shared" || (authMode == "open") || authMode == "radius")
256 wlWep[0] = new Option("Enabled", "enabled");
257 wlWep[0].selected = true;
261 wlWep[0] = new Option("Disabled", "disabled");
262 wlWep[1] = new Option("Enabled", "enabled");
264 // set wep off if switch to wpa modes
265 if ((authMode.indexOf("wpa")!= -1 || authMode.indexOf("psk")!= -1) && (mode == "open" || mode == "shared" || mode == "radius"))
266 wlWep[0].selected = true;
267 else if (wep == "enabled")
268 wlWep[1].selected = true;
270 wlWep[0].selected = true;
279 // if WDS is on, post notice
280 setVisibility("idWDSon", bWDS && (apMode == "wds"));
281 // Set default mode to 'None'
282 if ( mode == "open" && wep == "disabled" )
285 with ( document.forms[0] ) {
286 wlAuthMode.selectedIndex = getAuthModeIndex(mode);
287 wlWpaPsk.value = wpaPskKey;
288 wlWpaGtkRekey.value = wpaGTKRekey;
289 wlRadiusIPAddr.value = radiusServerIP;
290 wlRadiusPort.value = radiusPort;
291 wlRadiusKey.value = radiusKey;
292 wlKeyBit.value = bit;
293 wlPreauth.selectedIndex = parseInt(varPreauth);
294 wlNetReauth.value = varNetReauth;
295 for ( i = 0; i < 4; i++ )
296 wlKeys[i].value = keys[i];
298 authModeChange(true);
299 wlKeyIndex.value = keyIdx;
302 set the key type based on the selected strength and the size of the current key
304 if (wlKeys[wlKeyIndex.value - 1].value.length == 0)
305 cbWEPkeytype.value = "type128ASCII";
306 else if (wlKeyBit.value == "0")
307 cbWEPkeytype.value = (wlKeys[wlKeyIndex.value - 1].value.length == "13") ? "type128ASCII" : "type128hex";
309 cbWEPkeytype.value = (wlKeys[wlKeyIndex.value - 1].value.length == "5") ? "type64ASCII" : "type64hex";
310 setMaxLength(false, cbWEPkeytype.value, wlKeys);
315 function btnApply(place)
317 document.forms[0].wlKeyBit.value = (document.forms[0].cbWEPkeytype.value.substr(0, 7) == "type128") ? "0" : "1";
319 if ( enblWireless == '0' ) {
320 if ( place == 'wlsecurity.wl' )
321 alert('Unable to apply the changes because wireless is currently disabled.');
323 alert('Unable to set encryption keys because wireless is currently disabled.');
328 Validate options that conflict with WDS.
337 if ((apMode == "wds") &&
338 ((document.forms[0].wlAuthMode.value == "psk2mix") ||
339 (document.forms[0].wlAuthMode.value == "psk2") ||
340 (document.forms[0].wlAuthMode.value == "wpa2mix") ||
341 (document.forms[0].wlAuthMode.value == "wpa2") ||
342 (document.forms[0].wlAuthMode.value == "wpa") ||
343 (document.forms[0].wlAuthMode.value == "radius") ||
344 ((document.forms[0].wlAuthMode.value == "psk") &&
345 (document.forms[0].wlWpa.value == "tkip+aes"))))
347 alert("Bridge restrict (WDS) is enabled, which means that WPA2, RADIUS, and both TKIP and AES are not allowed.");
352 var swep = document.forms[0].wlWep[document.forms[0].wlWep.selectedIndex].value;
354 if ( place == 'wlsecurity.wl' ) {
355 with ( document.forms[0] ) {
356 var authMode = wlAuthMode[wlAuthMode.selectedIndex].value;
357 if (authMode != 'radius' && swep == 'enabled')
359 var idx = wlKeyIndex.selectedIndex;
360 var iNumBits = ((wlKeyBit.value == "0") ? 128 : 64);
361 for (i = 0; i < 4; i++)
365 if ((wlKeys[i].value == "") || !isValidKey(wlKeys[i], idKeyValue1.maxLength))
367 alert("Key " + (i + 1) + " is invalid. Please enter a valid " + iNumBits + "-bit WEP encryption key.");
371 else if ((wlKeys[i].value != "") && !isValidKey(wlKeys[i], idKeyValue1.maxLength))
373 alert("Key " + (i + 1) + " is invalid. Please delete the key or enter a valid " + iNumBits + "-bit WEP encryption key.");
381 var loc = place + '?';
383 with ( document.forms[0] ) {
384 var authMode = wlAuthMode[wlAuthMode.selectedIndex].value;
387 loc += 'wlAuthMode=';
389 if (authMode == 'shared') {
396 if (authMode.indexOf("psk")!= -1) {
397 value = wlWpaPsk.value;
398 if ( isValidWPAPskKey(value) == false ) {
399 alert('WPA pass phrase should be between 8 and 63 characters long.');
402 loc += '&wlWpaPsk=' + encodeUrl(wlWpaPsk.value);
405 if (authMode.indexOf("wpa")!= -1 || authMode.indexOf("psk")!= -1){
407 value = parseInt(wlWpaGtkRekey.value);
408 if ( isNaN(value) == true || value < 0 || value > 999999999 ) {
409 alert('Rotation interval "' + wlWpaGtkRekey.value + '" should be between 0 and 999,999,999.');
412 loc += '&wlWpaGtkRekey=' + wlWpaGtkRekey.value;
414 //check Reauth interval
415 value = parseInt(wlNetReauth.value);
416 if ( isNaN(value) || value < 0 || value > 99999 ) {
417 alert('WPA re-authentication interval "' + wlNetReauth.value + '" should be between 0 and 99,999.');
420 loc += '&wlNetReauth=' + wlNetReauth.value * 60;
423 if (authMode.indexOf("wpa")!= -1 || authMode == 'radius') {
424 if ( isValidIpAddress(wlRadiusIPAddr.value) == false ) {
425 alert('The 802.1x (RADIUS) server "' + wlRadiusIPAddr.value + '" is an invalid IP address.');
428 loc += '&wlRadiusServerIP=' + wlRadiusIPAddr.value;
429 loc += '&wlRadiusPort=' + wlRadiusPort.value;
430 loc += '&wlRadiusKey=' + encodeUrl(wlRadiusKey.value);
432 loc += '&wlWep=' + wlWep[wlWep.selectedIndex].value;
433 loc += '&wlWpa=' + wlWpa[wlWpa.selectedIndex].value;
435 loc += '&wlKeyBit=' + wlKeyBit.value;
437 loc += '&wlPreauth=' + ((wlPreauth.value == "on") ? "1" : "0");
439 if (getSelect(wlWep) == "enabled") {
441 var num = parseInt(getSelect(wlKeyIndex))-1;
442 val = wlKeys[num].value;
443 if ( val == '' && !(swep == 'enabled' && authMode == 'radius'))
445 alert("The selected WEP encryption key is blank. Please enter a value for the selected key or select a key that has a value.");
449 var iNumChars = idKeyValue1.maxLength;
450 for (i = 0; i < 4; i++ )
453 if ( i != wlKeys.selectedIndex )
454 msg = "delete the key or ";
455 if ( wlKeys[i].value != "" && !isValidKey(wlKeys[i], iNumChars) )
457 alert("Key " + (i + 1) + " is invalid. Please " + msg + "enter a valid " + iNumChars + "-bit WEP encryption key. ");
462 loc += submitSelect(wlKeyIndex);
463 loc += '&wlKey1=' + encodeUrl(wlKeys[0].value);
464 loc += '&wlKey2=' + encodeUrl(wlKeys[1].value);
465 loc += '&wlKey3=' + encodeUrl(wlKeys[2].value);
466 loc += '&wlKey4=' + encodeUrl(wlKeys[3].value);
469 // the last one to submit - if changing ssid above variables belong to previous ssid
470 loc += '&wlSsidIdx=' + ssidIdx;
471 window.location = loc;
477 function getAuthModeIndex(mode)
482 case 'psk2mix': ret = 0; break;
483 case 'psk2': ret = 1; break;
484 case 'psk': ret = 2; break;
486 case 'wpa2mix': ret = 3; break;
487 case 'wpa2': ret = 4; break;
488 case 'wpa': ret = 5; break;
490 case 'radius': ret = 6; break;
492 case 'open': ret = 7; break;
493 case 'shared': ret = 8; break;
494 default: ret = 9; break; // none
502 <body onload="initMenu(); frmLoad();">
504 <script type="text/javascript">
505 writeHeader("Security");
510 <p>This page allows you to configure security features for wireless clients.
511 You can specify the authentication and encryption used for wireless communcation.</p>
513 <p id="idWDSon" class="clsNote">Note: When <b>Bridge restrict</b> is enabled, <b>WPA2</b>,
514 <b>RADIUS</b>, and both <b>TKIP and AES</b> are not permitted. You can disable <b>Bridge restrict</b>
515 on the <a href="wlwds.cmd?action=view">Wireless AP Mode</a> page.</p>
520 <td><label>Network name:</label></td>
521 <td class="clsStatic"><%ejGetWlHTML(wlSsid)%></td>
524 <td><label>Network authentication:</label></td>
525 <td><select name='wlAuthMode' id='wlAuthMode' onChange='authModeChange(false)'>
526 <option value="psk2mix">WPA2 and WPA (PSK) (recommended)</option>
527 <option value="psk2">WPA2 (PSK)</option>
528 <option value="psk">WPA (PSK)</option>
529 <option value="wpa2mix">WPA2 and WPA with 802.1x (RADIUS)</option>
530 <option value="wpa2">WPA2 with 802.1x (RADIUS)</option>
531 <option value="wpa">WPA with 802.1x (RADIUS)</option>
532 <option value="radius">802.1x (RADIUS)</option>
533 <option value="open">WEP open</option>
534 <option value="shared">WEP shared</option>
535 <option value="none">None</option>
541 <td>WPA encryption:</td>
542 <td><select name="wlWpa" id="wlWpa" onChange='encrypChange()'></select></td>
545 <tr id="wpaPreShareKey">
546 <td><label for="wlWpaPsk">WPA pass phrase:</label></td>
547 <td><input type='text' name='wlWpaPsk' id='wlWpaPsk' size='20' maxlength='64'></td>
551 <td><label>WPA2 pre-authentication:</label></td>
552 <td><select name='wlPreauth' id='wlPreauth'>
553 <option value="off">Disabled</option>
554 <option value="on">Enabled</option>
560 <td><label for="wlNetReauth">Network re-authentication:</label></td>
561 <td><input type='text' name='wlNetReauth' size='20' maxlength='5'> <label>minutes (0-99,999)</label></td>
564 <tr id="wpaGTKRekey">
565 <td><label for="wlWpaGtkRekey">Rotation interval:</label></td>
566 <td><input type='text' name='wlWpaGtkRekey' id='wlWpaGtkRekey' size='20' maxlength='10'> seconds<br/>
567 <span class="clsNote">(To disable key rotation, set this value to zero.)</span></td>
570 <tr id="idRADIUSserver">
571 <td><label for="wlRadiusIPAddr">RADIUS server:</label></td>
572 <td><input type='text' name='wlRadiusIPAddr' id='wlRadiusIPAddr' size='20' maxlength='15'></td>
574 <tr id="idRADIUSport">
575 <td><label for="wlRadiusPort">RADIUS port:</label></td>
576 <td><input type='text' name='wlRadiusPort' id='wlRadiusPort' size='20' maxlength='5'></td>
578 <tr id="idRADIUSkey">
579 <td><label for="wlRadiusKey">RADIUS key:</label></td>
580 <td><input type='text' name='wlRadiusKey' id='wlRadiusKey' size='20' maxlength='80'></td>
583 <!-- This is always hidden so 802.1x users can't disable WEP encryption -->
585 <td><label>WEP encryption:</label></td>
586 <td><select name="wlWep" id="wlWep" onChange='encrypChange()'>
587 <option value=disabled>Disabled</option>
588 <option value=enabled>Enabled</option>
593 <td><label>Key type:</label></td>
595 <input type="hidden" name="wlKeyBit" id="wlKeyBit"> <!-- actual field (0=128, 1=64) -->
596 <!-- No name property so the value's not posted -->
597 <select id="cbWEPkeytype" onchange="setMaxLength(true, this.value, wlKeys);">
598 <option value="type128ASCII" selected>128-bit ASCII</option>
599 <option value="type128hex">128-bit hex</option>
600 <option value="type64ASCII">64-bit ASCII</option>
601 <option value="type64hex">64-bit hex</option>
606 <td><label>Current key:</label></td>
607 <td><select name='wlKeyIndex'>
608 <option value="1">1</option>
609 <option value="2">2</option>
610 <option value="3">3</option>
611 <option value="4">4</option>
615 <td><label for="idKeyValue1">Key 1:</td>
616 <td><input type='text' name='wlKeys' id="idKeyValue1" size='30' maxlength=26></td>
619 <td><label for="idKeyValue2">Key 2:</td>
620 <td><input type='text' name='wlKeys' id="idKeyValue2" size='30' maxlength=26></td>
623 <td><label for="idKeyValue3">Key 3:</td>
624 <td><input type='text' name='wlKeys' id="idKeyValue3" size='30' maxlength=26></td>
627 <td><label for="idKeyValue4">Key 4:</td>
628 <td><input type='text' name='wlKeys' id="idKeyValue4" size='30' maxlength=26><br/>
629 <span class="clsNote">(A key must be <span id="idKeyNumChars"></span> characters long.)</span></td>
633 <p>Press <b>Apply</b> to save your settings.</p>
634 <p><input type='button' onClick='btnApply("wlsecurity.wl")' value='Apply'></p>
638 <script type="text/javascript">