Specifications

ManualsBrandsAlcatel ManualsComputer equipmentOmniAccess AP61

291

292

293

294

295

296

297

298

299

300

Wireless LAN Configuration 275

Chapter 13

Radio Type – SSIDs may appear on only 802.11a radios, only 802.11b/g

radios or on both types of radios.

SSID Default VLAN – If desired, a given SSID may be mapped to a particular

VLAN. See the “VLAN Mapping” section below for more details.

Ignore Broadcast Probe-Request – When a client sends a broadcast

probe-request frame to search for all available SSIDs, controls whether or not

the system will respond for this SSID. When enabled, no response will be sent

– clients will have to know the SSID in order to associate. When disabled, a

probe-response frame will be sent for this SSID.

OTE—When using multiple SSIDs on Alcatel Access Points, the 802.11a radio

may respond with multiple probe responses using the same BSSID (MAC

address). Some clients will report only a single ESSID per BSSID and may

not be able to associate. If this problem occurs, enable this option to sup-

press responses to broadcast probe requests.

Encryption Type – Specify open, WEP, TKIP, AES-CCM, or Mixed

TKIP/AES-CCM. See below for discussion on each type.

VLAN Mapping

AOS-W supports a concept known as “crypto-VLANs” whereby clients may

access the same network using different encryption types. Good security

practices require that different L2 encryption types be mapped to different L2

subnets – otherwise, broadcast and multicast frames from a less secure

encryption such as static WEP may lead to the compromise of a more secure

encryption type such as TKIP. When using multiple encryption types on

separate SSIDs, make sure that each SSID is mapped to a different VLAN

inside the Alcatel switch.

SSID-based VLAN mapping may also be used for separation of traffic. For

example, traffic from a guest SSID may be mapped to a guest VLAN, while

traffic from employee SSIDs may be mapped to an internal network.

WEP Encryption

Two types of WEP encryption are available: static WEP and dynamic WEP.

When static WEP is used, one WEP key will be configured for the SSID. All

users on the network must use the same key, and no key rotation is possible.

Static WEP is generally considered to provide less-than-ideal security and

should be supplemented with Alcatel’s built-in firewall protection when used.

Dynamic WEP (used with 802.1x) provides somewhat better protection,

particularly when combined with AOS-W Wireless Intrusion Detection

features. When using dynamic WEP, the authentication server provides an

individual encryption key to each client at the time of 802.1x authentication.