Motorola Solutions WiNG 5.2.6 Reference Manual page 270

6 - 8 WiNG 5.2.6 Access Point System Reference Guide
Refer to the following to configure an authentication scheme for a WLAN:
• 802.1x EAP, EAP PSK and EAP MAC
• MAC Authentication
• PSK / None
Secure guest access to the network is referred to as captive portal. A captive portal is guest access policy for
providing guests temporary and restrictive access to the access point managed wireless network. Existing captive
portal policies can be applied to a WLAN to provide secure guest access.
A captive portal policy's configuration provides secure authenticated access using a standard Web browser. A captive
portal provides authenticated access by capturing and re-directing a wireless user's Web browser session to a login
page, where a user must enter valid credentials to access to the network. Once logged into the captive portal,
additional Agreement, Welcome and Fail pages provide an administrator with a number of options for the screen flow
and appearance.
Refer to Captive Portal on page 6-13
Encryption is essential for WLAN security, as it provides data privacy for traffic forwarded over a WLAN. When the
802.11 specification was introduced, Wired Equivalent Privacy (WEP) was the primary encryption mechanism. WEP
has since been interpreted as flawed in many ways, and is not considered an effective standalone scheme for
securing a WLAN. WEP is typically used with WLAN deployments supporting legacy clients. New deployments should
use either WPA or WPA2 encryption.
Encryption applies a specific algorithm to alter its appearance and prevent unauthorized hacking. Decryption applies
the algorithm in reverse, to restore the data to its original form. A sender and receiver must employ the same
encryption/decryption method to interoperate. When both TKIP and CCMP are both enabled a mix of clients are
allowed to associate with the WLAN. Some use TKIP, others use CCMP. Since broadcast traffic needs to be
understood by all clients, the broadcast encryption type in this scenario is TKIP.
Refer to the following to configure an encryption scheme for a WLAN:
• WPA/WPA2-TKIP
• WPA2-CCMP
• WEP 64
• WEP 128 and KeyGuard
for information on assigning a captive portal policy to a WLAN.