Configuring User Encryption - D-Link DWS-1008 - AirPremier MobileLAN Switch Product Manual

Configuring User Encryption

Mobility System Software (MSS) encrypts wireless user traffic for all users who are successfully
authenticated to join an encrypted SSID and who are then authorized to join a VLAN. MSS supports
the following types of encryption for wireless user traffic:
• 802.11i
• Wi-Fi Protected Access (WPA)
• Non-WPA dynamic Wired Equivalent Privacy (WEP)
• Non-WPA static WEP
WEP is described in the IEEE 802.11 standard and WPA is described in the 802.11i standard.
WPA and 802.11i provide stronger security than WEP. (802.11i uses Robust Security Network (RSN),
and is sometimes called WPA2.)
To use WPA or RSN, a client must support it. For non-WPA clients, MSS supports WEP. If your network
contains a combination of WPA, RSN, clients and non-WPA clients, you can configure MSS to provide
encryption for both types of clients.
To configure encryption parameters for an SSID, create or edit a service profile, map the service profile
to a radio profile, and add radios to the radio profile. The SSID name, advertisement setting (beaconing),
and encryption settings are configured in the service profile.
You can configure an SSID to support any combination of WPA, RSN, and non-WPA clients. For example,
a radio can simultaneously use Temporal Key Integrity Protocol (TKIP) encryption for WPA clients and
WEP encryption for non-WPA clients.
The SSID type must be crypto (encrypted) for encryption to be used. If the SSID type is clear, wireless
traffic is not encrypted, regardless of the encryption settings.
Note: MSS does not encrypt traffic in the wired part of the network. MSS does not encrypt wireless or
wired traffic for users who associate with an unencrypted (clear) SSID.
D-Link DWS-1008 User Manual 1