Vlans And Security Profiles; Configuring Security Profiles - Proxim AP-4000 User Manual

Performing Advanced Configuration
SSID/VLAN/Security

VLANs and Security Profiles

The AP-4000 allows you to segment wireless networks into multiple sub-networks based on Network Name (SSID) and VLAN membership. A
Network Name (SSID) identifies a wireless network. Clients associate with Access Points that share an SSID. During installation, the
Wizard prompts you to configure a Primary Network Name for each wireless interface.
After initial setup and once VLAN is enabled, the AP can be configured to support up to 16 SSIDs per wireless interface to segment wireless
networks based on VLAN membership.
Each VLAN can associated to a Security Profile and RADIUS Server Profiles. A Security Profile defines the allowed wireless clients, and
authentication and encryption types. Refer to the following sections for configuration details.

Configuring Security Profiles

Security policies can be configured and applied on the AP as a whole, or on a per VLAN basis. When VLAN is disabled on the AP, the user
can configure a security profile for each interface of the AP. When VLANs are enabled and Security per SSID is enabled, the user can
configure a security profile for each VLAN.
The user defines a security policy by specifying one or more values for the following parameters:
• Wireless STA types (WPA station, 802.11i (WPA2) station, 802.1x station, WEP station) that can associate to the AP.
• Authentication mechanisms (802.1x, RADIUS MAC authentication) that are used to authenticate clients for each type of station.
• Cipher Suites (CCMP, TKIP, WEP) used for encapsulating the wireless data for each type of station.
Up to 16 security profiles can be configured per wireless interface.
1. Click Configure > SSID/VLAN/Security > Security Profile.
Figure 4-37 Security Profile Configuration
2. Click Add in the Security Profile Table to create a new entry. To modify an existing profile, select the profile and click Edit. To delete an
existing profile, select the profile and click Delete. You cannot delete a Security Profile used in an SSID. Also, the first Security Profile
(index 1.1 to 1.7) cannot be deleted.
3. Configure one or more types of wireless stations (security modes) that are allowed access to the AP under the security profile. The
WEP/PSK parameters are separately configurable for each security mode. To enable a security mode in the profile (Non Secure Station,
WEP Station, 802.1x Station, WPA Station, WPA-PSK Station, 802.11i (WPA2) Station, 802.11i-PSK Station), check the box next to the
mode. See Figure 4-38 on page
If the security mode selected in a profile is WEP, WPA-PSK, or 802.11i-PSK, then you must configure the WEP or Pre-Shared Keys.
4. Configure the parameters as follows for each enabled security mode. Refer to
• Non Secure Station:
• Authentication Mode: None. The AP allows access to Stations without authentication.
— Non secure station should be used only with WEP or 802.1x security mode.
• Cipher: None
• WEP Station:
• Authentication Mode: None
• Cipher: WEP
• Encryption Key 0, Encryption Key 1, Encryption Key 2, Encryption Key 3
• Encryption Key Length: 64, 128, or 152 Bits.
97.
Figure 4-38 on page 97.
AP-4000 User Guide
Setup
95