Security
Security
The access point is configured by default as an "open system," which broadcasts a beacon signal
including the configured SSID. Wireless clients with an SSID setting of "any" can read the SSID
from the beacon and automatically set their SSID to allow immediate connection to the nearest
access point.
The security mechanisms that you may employ depend upon the level of security required, the
network and management resources available, and the software support provided on wireless
clients. Table
Table 4-7 Security Mechanisms
Security
Mechanism
WEP
WEP over
802.1x
AES (Advanced
Encryption
Standard)
MAC Address
Filtering
WPA over
802.1x mode
WPA Pre-shared
key type
4-74 Advanced Configuration
4‐7 provides a summary of wireless security considerations.
Client Support
Built-in support on all 802.11a,
802.11b, and 802.11g devices
Requires 802.1x client support
in system or by add-in software
(native support provided in
Windows XP and Windows 2000
via patch)
802.11i ready
Uses the MAC address of client
network card
Requires WPA-enabled system
and network card driver
(native support provided in
Windows XP)
Requires WPA-enabled system
and network card driver
(native support provided in
Windows XP)
Note: Although a WEP static key is not needed for WEP over 802.1x, WPA over 802.1x, and WPA
PSK modes, you must enable WEP encryption through the Web or CLI in order to enable all types of
encryption in the access point.
Implementation Considerations
Provides only basic security
Requires manual key management
Provides dynamic key rotation for improved WEP
security
• Requires configured RADIUS server
• 802.1x EAP type may require management of
digital certificates for clients and server
Provides more robust wireless security.
• Management of authorized MAC addresses
• Can be combined with other methods for improved
security
• Optionally configured RADIUS server
Provides robust security in WPA-only mode (for
example, WPA clients only)
• Offers support for legacy WEP clients, but with
increased security risk (for example, WEP
authentication keys disabled)
• Requires configured RADIUS server
• 802.1x EAP type may require management of
digital certificates for clients and server
• Provides good security in small networks
• Requires manual management of pre-shared key