9. Enable or disable MAC Access Control List status on the VLAN/SSID under the MAC ACL
Status drop-down menu.
10. Enter the Security Profile used by the VLAN in the Security Profile field.
Note:
If you have two or more SSIDs per interface using a security Profile with a
Note:
security mode of Non Secure, be aware that security being applied in the VLAN is
not being applied in the wireless network.
11. Define the RADIUS Server Profile Configuration for the VLAN/SSID:
RADIUS MAC Authentication Profile
l
RADIUS EAP Authentication Profile
l
RADIUS Accounting Profile
l
If 802.1x, WPA, or 802.11i security mode is used, the RADIUS EAP Authentication Profile must
have a value.
A RADIUS Server Profile for authentication for each VLAN is configured as part of the
configuration options for that VLAN. RADIUS profiles are independent of VLANs. You can
define any profile to be the default and associate all VLANs to that profile. Four profiles are
created by default: MAC Authentication, EAP Authentication, Accounting, and Management.
12. Reboot the AP.
Security Profiles
Security policies can be configured and applied on the AP as a whole, or on a per VLAN basis.
When VLAN is disabled on the AP, you can configure a security profile for each interface of the
AP. When VLANs are enabled and Security per SSID is enabled, you can configure a security
profile for each VLAN.
You define a security policy by specifying one or more values for the following parameters:
Wireless STA types (WPA station, 802.11i station, 802.1x station, WEP station) that can
•
associate to the AP.
Authentication mechanisms (802.1x, RADIUS MAC authentication) that are used to
•
authenticate clients for each type of station.
Cipher Suites (CCMP, TKIP, WEP) used for encapsulating the wireless data for each type
•
of station.
Security Configuration
Issue 1 September 2004
141