User's Manual
2 Planning Your Installation
12 Installation and User Guide: Airgo Access Point
• Data encryption — Specifying the method of security for wireless data communications
between client stations and the AP.
• Authentication — Specifying the method to verify the identity of users who want to access the
wireless network, and assigning access restrictions and services to them.
Enrollment
Enrollment is the process of verifying the identity of APs and confirming that they are authorized to
be a legitimate part of the wireless network. It is recommended that you designate a single
enrollment server for the entire network. For small and mid-size networks, this should be an AP
configured as an NM Portal (see “Selecting a Network Management Method” on page 12). For
large offices and campuses, it is recommended that you use the enrollment module within NMS Pro
as the enrollment server. The process of enrollment is discussed in “Enrolling APs” on page 181.
Data Encryption
Data encryption is the process whereby data packets are encoded so that an intruder who captures
them over the air cannot read their contents. The first wave of IEEE 802.11 products introduced
encryption based on the Wired Equivalent Privacy (WEP) standard. The WEP algorithm uses static
keys configured on the AP and in the user client software to encrypt wireless data. Unfortunately,
WEP is vulnerable to compromise (an attacker who captures enough traffic can recover the shared
key) and is difficult to manage and configure. Temporal Key Integrity Protocol (TKIP) was designed
as an interim successor to WEP that runs on WEP-era hardware; it is stronger than WEP but has since
been deprecated in favor of AES.
The current state of the art for data encryption is the Advanced Encryption Standard (AES). IEEE
802.11i specifies AES (in CCMP mode) as its mandatory cipher. The Wi-Fi Alliance's Wi-Fi Protected
Access (WPA) certification adopted the draft 802.11i mechanisms with AES as an option; the complete
802.11i standard, with AES mandatory, is certified as WPA2. IEEE 802.11i provides very strong
over-the-air encryption with AES. In the enterprise mode, each user is authenticated with IEEE
802.1X, which yields a fresh master key for that session; the AP and client then derive unique
per-session encryption keys from it in the 802.11i four-way handshake, so no static key is ever
configured on the AP or reused between sessions.
Unless your wireless network must support legacy clients that can only use WEP, using WPA with AES
for data encryption, regardless of your network size or complexity, is recommended.
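The per-session key derivation described above, shown as an added example in Python (illustrative code written for this page, not part of the Airgo product or this guide). It assumes WPA-PSK credentials (passphrase "password", SSID "IEEE", the IEEE 802.11i PBKDF2 test vector) to obtain a pairwise master key, constructed MAC addresses and nonces, and a constructed minimal EAPOL-Key message 2 with no RSN information element; in 802.1X mode the master key is delivered by the EAP exchange instead, and everything after that point is identical.

```python
"""Added example (not Airgo code): how WPA/IEEE 802.11i turns a master key into
unique per-session keys, and how the four-way handshake MIC binds the exchange."""
import hashlib
import hmac
import os
from typing import Dict


def wpa_psk_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK for WPA-PSK mode: PBKDF2-HMAC-SHA1, 4096 rounds, 256 bits (802.11i).
    In 802.1X mode the PMK comes from the EAP method; the rest is unchanged."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i), i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) * 8 < nbits:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[: nbits // 8]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes,
               cipher: str = "CCMP") -> Dict[str, bytes]:
    """Pairwise Transient Key from the PMK, both MAC addresses and both nonces.
    Min/Max ordering makes the result identical whichever side computes it."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 384 if cipher == "CCMP" else 512)
    # KCK signs handshake messages, KEK wraps the group key, TK encrypts data frames
    # (TK is 128 bits for CCMP; 256 bits for TKIP, which adds two Michael MIC keys)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:]}


# Offset of the 16-byte Key MIC field in an EAPOL-Key frame: 802.1X header 4 +
# descriptor type 1 + key info 2 + key length 2 + replay counter 8 + nonce 32
# + key IV 16 + key RSC 8 + reserved key ID 8 = 81
MIC_OFFSET = 81


def build_eapol_key_msg2(snonce: bytes, replay_counter: int = 1) -> bytes:
    """Constructed minimal message 2 of the four-way handshake: RSN descriptor (2),
    key info 0x010A (HMAC-SHA1 version, pairwise, MIC present), MIC zeroed, empty
    key data. A real client carries its RSN IE in the key data field."""
    body = (b"\x02" + (0x010A).to_bytes(2, "big") + b"\x00\x00"
            + replay_counter.to_bytes(8, "big") + snonce + b"\x00" * 16
            + b"\x00" * 8 + b"\x00" * 8 + b"\x00" * 16 + b"\x00\x00")
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body


def eapol_key_mic(kck: bytes, frame: bytes, cipher: str = "CCMP") -> bytes:
    """Key MIC over the frame with its MIC field zeroed: HMAC-SHA1 truncated to
    128 bits for CCMP (descriptor version 2), HMAC-MD5 for TKIP (version 1)."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * 16 + frame[MIC_OFFSET + 16:]
    if cipher == "CCMP":
        return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]
    return hmac.new(kck, zeroed, hashlib.md5).digest()


def seal(kck: bytes, frame: bytes, cipher: str = "CCMP") -> bytes:
    """Write the MIC into the frame, as the client does before sending message 2."""
    return frame[:MIC_OFFSET] + eapol_key_mic(kck, frame, cipher) + frame[MIC_OFFSET + 16:]


def verify_eapol_key_mic(kck: bytes, frame: bytes, cipher: str = "CCMP") -> bool:
    """AP side: constant-time compare of the received MIC against a fresh computation."""
    return hmac.compare_digest(eapol_key_mic(kck, frame, cipher),
                               frame[MIC_OFFSET:MIC_OFFSET + 16])


def demo() -> bool:
    """AP and client derive the PTK independently; the AP then checks the client's MIC."""
    pmk = wpa_psk_pmk("password", "IEEE")                              # constructed credentials
    aa, spa = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")  # constructed MACs
    anonce, snonce = os.urandom(32), os.urandom(32)                    # fresh per session
    ap_ptk = derive_ptk(pmk, aa, spa, anonce, snonce)
    sta_ptk = derive_ptk(pmk, spa, aa, snonce, anonce)                 # other side's view
    msg2 = seal(sta_ptk["KCK"], build_eapol_key_msg2(snonce))
    forged = msg2[:40] + b"\xff" + msg2[41:]                           # a nonce byte altered in flight
    return (ap_ptk == sta_ptk
            and verify_eapol_key_mic(ap_ptk["KCK"], msg2)
            and not verify_eapol_key_mic(ap_ptk["KCK"], forged))
```

Because the nonces change on every association, the same user at the same AP gets a different TK each session even though the PMK is the same; an attacker who records one session's traffic learns nothing usable against the next.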
User Authentication
User authentication is the process of verifying user identity and assigning access rights based on
predetermined rules.
• For small to mid-size networks, the internal RADIUS server within the Airgo AP security
portal provides authentication services across the network. A second AP can also be configured
as a backup security portal.
• For large office and campus installations, one or more external RADIUS authentication servers
may already be in place to provide IEEE 802.1X authentication for the wired network, with the
switch acting as the 802.1X authenticator and relaying the EAP exchange to the RADIUS server.
It is a straightforward exercise to extend that infrastructure to the wireless network, with each
AP registered on the server as a RADIUS client with its own shared secret, thereby creating an
integrated user authentication process for the entire enterprise network.
The security portal feature of the Airgo AP plays a special role in wireless backhaul authentication.
For more information, see Chapter 6, “Configuring a Wireless Backhaul.”
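The RADIUS exchange behind the external-server option above, as an added example in Python (illustrative code written for this page, not part of the Airgo product or this guide). The AP is the 802.1X authenticator and carries the client's EAP messages to the server inside RADIUS; the example builds an Access-Request with the Message-Authenticator attribute that RFC 3579 requires whenever EAP-Message is present, checks it as the server would, and verifies the server's Access-Accept at the AP using the Response Authenticator. The user name, NAS-Identifier, EAP payloads and shared secret are constructed values.

```python
"""Added example (not Airgo code): the RADIUS messages an AP, acting as the
802.1X authenticator, exchanges with an external RADIUS server, and the two
integrity checks that depend on the per-AP shared secret."""
import hashlib
import hmac
import os
import struct
from typing import Iterator, List, Optional, Tuple

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, NAS_IDENTIFIER, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 32, 79, 80


def build_packet(code: int, ident: int, authenticator: bytes,
                 attrs: List[Tuple[int, bytes]]) -> bytes:
    """RFC 2865 packet: code, identifier, length, 16-byte authenticator, TLV attributes."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def iter_attrs(pkt: bytes) -> Iterator[Tuple[int, int, bytes]]:
    """Yield (type, value offset, value); reject attributes that overrun the packet."""
    off = 20
    while off < len(pkt):
        if off + 2 > len(pkt) or pkt[off + 1] < 2 or off + pkt[off + 1] > len(pkt):
            raise ValueError("malformed RADIUS attribute")
        yield pkt[off], off + 2, pkt[off + 2: off + pkt[off + 1]]
        off += pkt[off + 1]


def _message_authenticator_offset(pkt: bytes) -> Optional[int]:
    for t, voff, v in iter_attrs(pkt):
        if t == MESSAGE_AUTHENTICATOR and len(v) == 16:
            return voff
    return None


def _hmac_md5_with_zeroed(pkt: bytes, voff: int, secret: bytes) -> bytes:
    zeroed = pkt[:voff] + b"\x00" * 16 + pkt[voff + 16:]
    return hmac.new(secret, zeroed, hashlib.md5).digest()


def sign_request(pkt: bytes, secret: bytes) -> bytes:
    """AP side: fill in Message-Authenticator (RFC 2869 5.14), HMAC-MD5 over the
    whole packet with that attribute's value zeroed. Mandatory with EAP-Message."""
    voff = _message_authenticator_offset(pkt)
    if voff is None:
        raise ValueError("Access-Request carrying EAP must include Message-Authenticator")
    return pkt[:voff] + _hmac_md5_with_zeroed(pkt, voff, secret) + pkt[voff + 16:]


def verify_request(pkt: bytes, secret: bytes) -> bool:
    """Server side: a request without a valid Message-Authenticator is silently dropped."""
    try:
        voff = _message_authenticator_offset(pkt)
    except ValueError:
        return False
    if voff is None:
        return False
    return hmac.compare_digest(_hmac_md5_with_zeroed(pkt, voff, secret), pkt[voff:voff + 16])


def build_response(code: int, request: bytes, attrs: List[Tuple[int, bytes]],
                   secret: bytes) -> bytes:
    """Response Authenticator (RFC 2865 3): MD5(code|id|length|RequestAuth|attrs|secret)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", code, request[1], 20 + len(body))
    resp_auth = hashlib.md5(header + request[4:20] + body + secret).digest()
    return header + resp_auth + body


def verify_response(response: bytes, request: bytes, secret: bytes) -> bool:
    """AP side: accept only a response whose identifier matches our outstanding
    request and whose Response Authenticator was computed with our shared secret."""
    if len(response) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", response[:4])
    if ident != request[1] or length != len(response):
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])


def demo(secret: bytes = b"constructed-shared-secret") -> Tuple[bool, bool, bool, bool]:
    """One round: AP relays an EAP Response/Identity, server answers with EAP Success."""
    eap_identity = b"\x02\x01\x00\x0a\x01alice"          # constructed EAP Response/Identity
    request = build_packet(ACCESS_REQUEST, 7, os.urandom(16), [
        (USER_NAME, b"alice"), (NAS_IDENTIFIER, b"ap-lobby-1"),
        (EAP_MESSAGE, eap_identity), (MESSAGE_AUTHENTICATOR, b"\x00" * 16)])
    request = sign_request(request, secret)
    eap_success = b"\x03\x01\x00\x04"                     # EAP Success, id 1
    accept = build_response(ACCESS_ACCEPT, request, [(EAP_MESSAGE, eap_success)], secret)
    spoofed = build_response(ACCESS_ACCEPT, request, [(EAP_MESSAGE, eap_success)], b"guess")
    return (verify_request(request, secret),      # genuine AP, correct secret
            verify_request(request, b"guess"),    # server configured with a different secret
            verify_response(accept, request, secret),
            verify_response(spoofed, request, secret))  # forged Access-Accept is rejected
```

Both checks rest entirely on the shared secret, which is why each AP should get its own secret on the server: a secret shared by all APs lets any one compromised AP forge requests or accept answers on behalf of the others. A real deployment also checks the Message-Authenticator on the Access-Accept, since RFC 3579 requires it on responses that carry EAP-Message.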
Selecting a Network Management Method
As with user authentication, appropriate network management solutions depend upon the size and
complexity of the network, and Airgo products and features are available to support a wide range of
possibilities.