Table of Contents
Advertisement
Configuring Access Point Security
Enabling Authentication and Encryption Schemes
To complement the built-in firewall filters on the WAN side of the access point, the WLAN side of the
access point supports authentication and encryption schemes. Authentication is a challenge-response
procedure for validating user credentials such as username, password, and sometimes secret-key
information. The access point provides two schemes for authenticating users: 802.1x EAP and Kerberos.
Encryption applies a specific algorithm to alter its appearance and prevent unauthorized reading.
Decryption applies the algorithm in reverse to restore the data to its original form. Sender and receiver
must employ the same encryption/decryption method to interoperate.
Wired Equivalent Privacy (WEP) is available in two encryption modes: 40 bit (also called WEP 64) and 104
bit (also called WEP 128). The 104-bit encryption mode provides a longer algorithm (better security) that
takes longer to decode (hack) than the 40-bit encryption mode.
Each WLAN (16 WLANs available in total to an access point regardless of the model) can have a
separate security policy. However, more than one WLAN can use the same security policy. Therefore, to
avoid confusion, do not name security policies the same name as WLANs. Once security policies have
been created, they are selectable within the Security field of each WLAN screen. If the existing default
security policy does not satisfy the data protection requirements of a specific WLAN, a new security
policy (using the authentication and encryption schemes discussed above) can be created.
CAUTION
Mesh configurations do not support mismatched security policies when operating using a mixed mode
scheme. Ensure the encryptions and authentication schemes used by APs in a mesh network are complimentary
with one another.
To enable an existing WLAN security policy or create a new policy:
1 Select Network Configuration > Wireless > Security from the access point menu tree.
The Security Configuration screen displays.
2 If a new security policy is required, click the Create button.
The New Security Policy screen displays with the Manually Pre-shared key/No authentication and No
Encryption options selected. Naming and saving such a policy (as is) would provide no security and
might only make sense in a guest network wherein no sensitive data is either transmitted or
received.
However, selecting any other authentication or encryption checkbox displays a configuration field
for the selected security scheme within the New Security Policy screen.
NOTE
An existing security policy can be edited from the Security Configuration screen by selecting an existing
policy and clicking the Edit button. Use the Edit Security Policy screen to edit the policy. For more information
on editing an existing security policy, refer to security configuration sections described in steps 4 and 5.
3 Use the Name field to define a logical security policy name.
Remember, multiple WLANs can share the same security policy, so be careful not to name security
policies after specific WLANs or risk defining a WLAN to single policy. Extreme Networks
recommends naming the policy after the attributes of the authentication or encryption type selected
(for example, WPA2 Allow TKIP).
200
Altitude 4700 Series Access Point Product Reference Guide
Advertisement
Table of Contents
