Proxim ORiNOCO User's Guide download pdf (Page 39)

Access Point Features AP-800 User Guide

Configuring the Device

Configuring Security Profiles

Security policies can be configured and applied on the AP as a whole, or on a per SSID basis. You can configure a

security profile for each VLAN.

The user defines a security policy by specifying one or more values for the following parameters:

• Wireless STA types (WPA station, 802.11i (WPA2) station, WPA-PSK, and 802.11i-PSK) that can associate to the AP.

• Authentication mechanisms (802.1x ) that are used to authenticate clients for each type of station.

• Cipher Suites (AES, TKIP, WEP, None) used for encapsulating the wireless data for each type of station.

NOTE: If you select WEP or TKIP, then the device will work on legacy rates not on 11n rates.

AP-800 supports up to 8 security profiles and can be mapped to any of the VAPs. You can apply unique security profiles

to VAPs without enabling the VLAN.

Wireless Security Features

• Profile Name: This parameter represents the name of the security profile name.

• Authentication Mode: This parameter is used to configure the security authentication mode for wireless.

• WEP Key: This parameter is used to configure the Wep key for wireless security.

• Encryption Type: This parameter is used to configure the type of encryption for the wireless security.

• PSK: This is the read parameter and used to display the security key in asterisk.

• Rekeying Interval: This parameter represents the time interval within which the number of times the key is changed.

NOTE: Rekeying Interval in case of Dynamic WEP is WEP Rekeying Interval, whereas in the case of WPA Security

Modes is WPA Group Rekeying Interval.

RADIUS

Configuring Radius Profiles on the AP allows the administrator to define a profile for RADIUS Servers used by the system

or by a VLAN.

The network administrator can configure default RADIUS authentication servers to be used on a system-wide basis, or in

networks with VLANs enabled the administrator can also configure separate authentication servers to be used for MAC

authentication, 802.1x authentication, or RADIUS based accounting. If the back-up server are configured, then the AP

will communicate with the back-up server till the primary server is offline.

The AP communicates with the RADIUS server defined in a profile to provide the following features:

MAC Access Control Via RADIUS Authentication

If you want to control wireless access to the network and if your network includes a RADIUS Server, you can store the list

of MAC addresses on the RADIUS server rather than configure each AP individually. you can define a RADIUS profile

that specifies the IP Address of the server that contains a central list of MAC Address values identifying the authorized

stations that may access the wireless network. You must specify information for the least primary RADIUS server. The

back-up server is optional.

NOTE: Each VLAN can be configured to use a separate RADIUS server (and backup server) for MAC authentication.

MAC access control can be separately enabled for each VLAN.

802.1x Authentication using RADIUS

You must configure a primary EAP/802.1x Authentication server to use 802.1x security. A back-up server is optional.

NOTE: Each VLAN can be configured to use a separate RADIUS server (and back-up server) for 802.1x authentication.

802.1x authentication (“EAP authentication”) can be separately enabled for each VLAN.

1 2 ... 34 35 36 37 38 39 40 41 42 43 44 ... 144 145

No comments

Proxim ORiNOCO User's Guide Page 39