Radius - Proxim ORiNOCO AP-8000 User Manual

Access Point Features
Configuring Security Profiles
Security policies can be configured and applied on the AP as a whole, or on a per SSID basis. You can configure a
security profile for each VLAN.
The user defines a security policy by specifying one or more values for the following parameters:
• Wireless STA types (WPA station, 802.11i (WPA2) station, WPA-PSK, and 802.11i-PSK) that can associate to the AP.
• Authentication mechanisms (802.1x) that are used to authenticate clients for each type of station.
• Cipher Suites (AES, TKIP, WEP, None) used for encapsulating the wireless data for each type of station.
NOTE: If you select WEP or TKIP, then the device will work on legacy rates and not on 11n rates.
AP-8000 supports up to 8 security profiles and can be mapped to any of the VAPs.
Wireless Security Features
• Profile Name: This parameter represents the security profile name.
• Authentication Mode: This parameter represents the security authentication mode for wireless network.
• WEP Key: This parameter is used to configure the Wep key for wireless security.
• PSK: This is a read-only parameter and used to display the security key in asterisk.
• Encryption Type: This parameter is used to configure the encryption type for the wireless security.
• Rekeying Interval: This parameter represents the time interval within which the number of times the key is changed.
NOTES:
• In Dynamic WEP, the Rekeying Interval is WEP Rekeying Interval
• In WPA Security Modes, the Rekeying Interval is WPA Group Rekeying Interval

RADIUS

Configuring Radius Profiles on the AP allows the administrator to define a profile for RADIUS Servers used by the system
or by a VLAN.
A Network Administrator can configure default RADIUS authentication servers to be used on a system-wide basis, or in
networks with VLANs enabled, the administrator can also configure separate authentication servers to be used for MAC
authentication, 802.1x authentication, or RADIUS based accounting. If the back-up server is configured, then the AP will
communicate with the back-up server till the primary server is offline.
The AP communicates with the RADIUS server defined in a profile to provide the following features:
MAC Access Control Via RADIUS Authentication
If you want to control wireless access to the network and if your network includes a RADIUS Server, you can store the list
of MAC addresses on the RADIUS server rather than configure each AP individually. you can define a RADIUS profile
that specifies the IP Address of the server that contains a central list of MAC Address values identifying the authorized
stations that may access the wireless network. You must specify information for the least primary RADIUS server. The
back-up server is optional.
802.1x Authentication using RADIUS
You must configure a primary EAP/802.1x Authentication server to use 802.1x security. A back-up server is optional.
RADIUS Accounting
Using an external RADIUS server, the AP can track and record the length of client sessions on the Access Point by
sending the RADIUS accounting messages per RFC2866. When a wireless client is successfully authenticated, RADIUS
accounting is initiated by sending an "Accounting Start" request to the RADIUS server. When the wireless client session
ends, an "Accounting Stop" request is sent to the RADIUS server.
AP-8000 User Guide
41