User's Manual
2 Planning Your Installation
12 Installation and Configuration Guide: Airgo Access Point
• Data encryption—Specifying the method of security for wireless data communications
between client stations and the AP.
• Authentication—Specifying the method to verify the identity of users who want to access the
wireless network, and to assign access restrictions and services to them.
Enrollment
Enrollment is the process of verifying the identity of APs and confirming that they are authorized to
be a legitimate part of the wireless network. It is recommended to designate a single enrollment
server for the entire network. For small and mid-size networks, this should be an AP configured as
an NM Portal (see “Selecting a Network Management Method” on page 12). For large offices and
campuses, it is recommended to use the enrollment module within NMS Pro as the enrollment
server. The process of enrollment is discussed in “Enrolling APs” on page 165.
Data Encryption
Data encryption is the process whereby data packets are encoded to prevent intruders from
deciphering the content. The first wave of IEEE 802.11 products introduced encryption based on
the Wired Equivalent Privacy (WEP) standard. The WEP algorithm uses keys configured on the AP
and in the user client software to encrypt wireless data. Unfortunately, WEP is vulnerable to
compromise and difficult to manage and configure. Temporal Key Integrity Protocol (TKIP) is the
secure successor to WEP.
The current state of the art for data encryption is the Advanced Encryption Standard (AES),
adopted by the Wi-Fi Alliance as part of the IEEE 802.11i working group efforts and grouped under
the heading Wi-Fi Protected Access (WPA). The new IEEE 802.11i standard provides
financial-grade security with extremely strong AES over-the-air encryption. The keys used for every user
session are unique and are established automatically using the IEEE 802.1x protocol.
Unless your wireless network must support WEP encryption, WPA with AES is recommended for data
encryption, regardless of your network size or complexity.
User Authentication
User authentication is the process of verifying user identity and assigning access rights based on
predetermined rules. For small to mid-size networks, the internal RADIUS server within the Airgo
AP security portal provides authentication services across the network. A second AP can also be
configured as a backup security portal.
For large office and campus installations, one or more external RADIUS authentication servers
may already be in place to provide authentication services for the wired network based on the IEEE
802.1x RADIUS standard. It is a straightforward exercise to extend that infrastructure to the
wireless network, thereby creating an integrated user authentication process for the entire enterprise
network.
The security portal feature of the Airgo AP plays a special role in wireless backhaul authentication.
For more information, see Chapter 6, “Configuring a Wireless Backhaul.”
Selecting a Network Management Method
As with user authentication, appropriate network management solutions depend upon the size and
complexity of the network, and Airgo products and features are available to support the full range
of possibilities.