ZyXEL Communications NWA Series User Manual page 144

Table 59 Configuration > Object > AP Profile > SSID > Security List > Add/Edit Security Profile (continued)
LABEL
Key 1~4
Group Key Update
Timer
Management Frame
Protection
Radius Settings
Radius Server Type
Primary / Secondary
Radius Server Activate
Radius Server IP
Address
Radius Server Port
Radius Server Secret
Primary / Secondary
Accounting Server
Activate
Accounting Server
IP Address
Accounting Server
Port
Accounting Share
Secret
Accounting Interim
Update
Interim Update
Interval
General Server Settings
NAS IP Address
Chapter 13 AP Profile
DESCRIPTION
Based on your Key Length selection, enter the appropriate length hexadecimal or ASCII
key.
Enter the interval (in seconds) at which the AP updates the group WPA2 encryption key.
This field is available only when you select wpa2 in the Security Mode field and set Cipher
Type to aes.
Data frames in 802.11 WLANs can be encrypted and authenticated with WEP, WPA or
WPA2. But 802.11 management frames, such as beacon/probe response, association
request, association response, de-authentication and disassociation are always
unauthenticated and unencrypted. IEEE 802.11w Protected Management Frames allows
APs to use the existing security mechanisms (encryption and authentication methods
defined in IEEE 802.11i WPA/WPA2) to protect management frames. This helps prevent
wireless DoS attacks.
Select the check box to enable management frame protection (MFP) to add security to
802.11 management frames.
Select Optional if you do not require the wireless clients to support MFP. Management
frames will be encrypted if the clients support MFP.
Select Required and wireless clients must support MFP in order to join the Zyxel Device's
wireless network.
This shows External and the Zyxel Device uses an external RADIUS server for
authentication.
Select this to have the Zyxel Device use the specified RADIUS server.
Enter the IP address of the RADIUS server to be used for authentication.
Enter the port number of the RADIUS server to be used for authentication.
Enter the shared secret password of the RADIUS server to be used for authentication.
Select the check box to enable user accounting through an external authentication
server.
Enter the IP address of the external accounting server in dotted decimal notation.
Enter the port number of the external accounting server. The default port number is 1813.
You need not change this value unless your network administrator instructs you to do so
with additional information.
Enter a password (up to 128 alphanumeric characters) as the key to be shared between
the external accounting server and the Zyxel Device. The key must be the same on the
external accounting server and your Zyxel Device. The key is not sent over the network.
This field is available only when you enable user accounting through an external
authentication server.
Select this to have the Zyxel Device send subscriber status updates to the accounting
server at the interval you specify.
Specify the time interval for how often the Zyxel Device is to send a subscriber status
update to the accounting server.
If the RADIUS server requires the Zyxel Device to provide the NAS (Network Access Server)
IP address attribute, enter it here.
NWA/WAC/WAX Series User's Guide
144