Table of Contents
Advertisement
December 22, 2005
• WPA (Wi-Fi Protected Access) – This is a much stronger encryption model than WEP and uses TKIP (Tem-
poral Key Integrity Protocol) with AES (Advanced Encryption Standard) to prevent WEP cracks.
TKIP solves security issues with WEP. It also allows you to establish encryption keys on a per-user-basis, with
key rotation for added security. In addition, TKIP provides Message Integrity Check (MIC) functionality and
prevents active attacks on the wireless network.
AES is the strongest encryption standard and is used by government agencies; however, old legacy hardware
may not be capable of supporting the AES mode (it probably won't work on older wireless clients). Because
AES is the strongest encryption standard currently available, it is highly recommended for Enterprise
networks.
Any of the above encryption modes can be used (and can be used at the same time).
Which user authentication method should I use?
User authentication ensures that users are who they say they are. For this purpose, the Array allows you to choose
between the following user authentication methods:
• Pre-Shared Key – Users must manually enter a key (pass phrase) on the client side of the wireless network
that matches the key stored by the administrator in the WFX-3900.
• RADIUS 802.1x with EAP – 802.1x uses a RADIUS server to authenticate large numbers of clients, and can
handle different EAP (Extensible Authentication Protocol) authentication methods, including EAP-TLS, EAP-
TTLS and EAP-PEAP. The RADIUS server can be internal (provided by the WFX-3900) or external. An exter-
nal RADIUS server offers more functionality and is recommended for large Enterprise deployments.
When using this method, user names and passwords must be entered into the RADIUS server for user
authentication.
• MAC Address ACLs (Access Control Lists) – MAC address ACLs provide a list of client adapter MAC
addresses that are allowed or denied access to the wireless network. Access Control Lists work well when
there are a limited number of users—in this case, enter the MAC addresses of each user in the Allow list. In
the event of a lost or stolen MAC adapter, enter the affected MAC address in the Deny list.
Why do I need to authenticate my WFX-3900 units?
When deploying multiple Arrays, you may need to define which units are part of which wireless network (for
example, if you are establishing more than one network). In this case, you need to employ the ADC Wireless
Management System (WFX-3300) which can authenticate your Arrays automatically and ensure that only
authorized units are associated with the defined wireless network.
What is rogue AP (Access Point) detection?
The ADC Array has a dedicated radio (abg/4) which constantly scans the local wireless environment for rogue APs
(non-ADC devices that are not part of your wireless network), unencrypted transmissions, and other security issues.
Administrators can then classify each rogue AP and ensure that these devices do not interrupt or interfere with the
network.
VLAN Support
What Are VLANs?
VLANs (Virtual Local Area Networks) are a logical grouping of network devices that share a common network
broadcast domain. Members of a particular VLAN can be on any segment of the physical network but logically only
members of a particular VLAN can see each other.
VLANs are defined and implemented using the wired network switches that are VLAN capable. Packets are tagged
for transmission on a particular VLAN according to the IEEE 802.1Q standard, with VLAN switches processing
packets according to the tag.
AIWS-UM-4003-01
Appendix B: Troubleshooting
B-3
Advertisement
Table of Contents
