User's Manual

7 Managing Security
148 Installation and User Guide: Airgo Access Point
Open encryption provides no protection and is recommended only when security is not a concern.
WPA-AES is recommended for all installations, if possible.
Configure and view the following aspects of network and user security from the web interface:
Wireless Security — Select protocols for data encryption and user authentication.
Authentication Zones — Group RADIUS servers for user authentication.
Administrator Security — Set the administrator login and password to access the AP.
RADIUS Servers — Identify authorized RADIUS servers and zones.
Security Statistics — View security-related statistics, including authentication, 802.1x supplicant, and authentication diagnostic statistics.
Advanced — Configure advanced RADIUS properties.
Zone Privacy
Zone Privacy improves security for users in public hot spots by isolating client stations from each
other. When zone privacy is deployed, a station can connect to the wired network but is not able to
reach other stations associated to the same AP or stations associated to other APs over wireless
backhaul. This section provides an overview of zone privacy. For configuration instructions, see
“Configuring Zone Privacy” on page 164.
Zone privacy isolates client stations from each other by limiting the paths along which APs forward
traffic. When zone privacy is enabled, the AP forwards traffic from client stations to the Ethernet
interface but does not redistribute the traffic back to the AP BSS, nor to the BSS on the second AP
radio. When zone privacy is enabled on APs interconnected over wireless backhaul, traffic from
client stations is forwarded toward the wired network over wireless backhaul connections. APs
receiving traffic from a BP (backhaul point) radio only forward traffic to another AP over a
wireless backhaul connection or to the Ethernet interface. APs in the wireless distribution system
do not forward traffic received from a BP radio to any other BSS.
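
The forwarding rules above can be checked against a topology with a small model. The following Python is an added example, not code from the Airgo manual or product: the topology, the station names and the plain-bridging baseline used when zone privacy is off are constructed assumptions, and backhaul forwarding is modeled only in the direction of the wired network.

```python
from collections import deque

# Constructed topology (assumption): ap1 is wired; ap2 and ap3 reach it over
# wireless backhaul through the AP named in "uplink".
TOPOLOGY = {
    "ap1": {"uplink": None,  "eth": True,  "stations": ["sta-a", "sta-b"]},
    "ap2": {"uplink": "ap1", "eth": False, "stations": ["sta-c"]},
    "ap3": {"uplink": "ap2", "eth": False, "stations": ["sta-d"]},
}

def locate(topo, station):
    """Return the AP a station is associated to."""
    for ap, cfg in topo.items():
        if station in cfg["stations"]:
            return ap
    raise KeyError(station)

def reachable(topo, src, zone_privacy):
    """Return (peer stations, wired) that a frame sent by src can reach."""
    stations, wired = set(), False
    start = locate(topo, src)
    seen, queue = {start}, deque([start])
    while queue:
        ap = queue.popleft()
        cfg = topo[ap]
        if cfg["eth"]:
            wired = True  # forwarding to the Ethernet interface is allowed
        nxt = [cfg["uplink"]] if cfg["uplink"] else []
        if not zone_privacy:
            # Assumed baseline: plain bridging, so frames also go to every
            # BSS on the AP and to downstream backhaul neighbours.
            stations.update(cfg["stations"])
            nxt += [a for a, c in topo.items() if c["uplink"] == ap]
        # Zone privacy on: client or BP-radio traffic never enters a BSS.
        for n in nxt:
            if n not in seen:
                seen.add(n)
                queue.append(n)
    stations.discard(src)
    return stations, wired

def audit(topo, zone_privacy):
    """List (src, dst) station pairs that can talk over the wireless side."""
    leaks = []
    for cfg in topo.values():
        for s in cfg["stations"]:
            peers, _ = reachable(topo, s, zone_privacy)
            leaks += [(s, p) for p in sorted(peers)]
    return leaks
```

The model covers only forwarding inside the wireless distribution system; what a wired switch does with frames after they leave the Ethernet interface is outside it.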
The zone privacy rules governing traffic forwarding apply to traffic from client stations and to
management traffic from APs. Consequently, the partial network connectivity resulting from zone
privacy can affect features such as client roaming and peer-to-peer communications between APs.
To mitigate any issues that may arise, enable zone privacy only on non-management
VLANs that carry only user data traffic. Specifically, subscriber privacy can be enforced if ports
attached to APs are members of different VLANs carrying user data. When zone privacy is desired
between two wired APs, all clients that associate to the two different APs are part of different user
Table 14: Encryption Options
Type      Description
AES       Highest level of protection
TKIP      WEP with additional protection
WEP 128   First generation encryption using 128-bit keys; does not provide adequate protection
WEP 64    First generation encryption using 64-bit keys; does not provide adequate protection
Open      No protection