User's Manual

2. Specify the name of the MAC ACL file on the TFTP server in the MAC ACL file name text
box.
3. Click Download.
3.5.2.2. LAN-to-LAN Bridge Interface
Fig. 55. IEEE 802.11g security settings for a LAN-to-LAN bridge interface.
Data transmitted over the bridge links can be encrypted by WEP (Wired Equivalent Privacy).
Therefore, there are 3 security modes:
Open System. No data encryption.
Static WEP. WEP (Wired Equivalent Privacy) keys must be manually configured.
When Static WEP is chosen as the security mode, the Key length can be specified to be 64 Bits or
128 Bits. The Selected key setting specifies the key to be used as a send-key for encrypting outgoing
WDS traffic. All 4 WEP keys are used as receive-keys to decrypt incoming WDS traffic.
NOTE: Each field of a WEP key setting is a hexadecimal number from 00 to FF. For example, when
the security mode is Static WEP and the key length is 64 Bits, you could set Key 1 to
“00012E3ADF”.
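Because the Selected key is only the send-key while all 4 keys act as receive-keys, the two ends of a bridge link must hold the same key in every slot that either end sends with. The check below is an added example, not part of the manual; the dict layout and function names are hypothetical. It assumes standard 802.11 behaviour, where the key index carried in a frame picks the receiver's slot, and the conventional 10 or 26 hex digits for 64 Bits or 128 Bits.

```python
import string

# Hex digits typed per key: the configured secret is 40 or 104 bits, and the
# remaining 24 bits of the nominal key length are the per-frame IV (assumption
# based on standard WEP, not stated in the manual).
HEX_DIGITS = {64: 10, 128: 26}


def parse_wep_key(text, key_length_bits):
    """Return the key as bytes, or raise ValueError for wrong size or non-hex input."""
    expected = HEX_DIGITS[key_length_bits]
    if len(text) != expected or any(c not in string.hexdigits for c in text):
        raise ValueError(f"need exactly {expected} hex digits, got {text!r}")
    return bytes.fromhex(text)


def check_bridge_link(side_a, side_b):
    """Return a list of problems for two bridge endpoints (empty list = consistent).

    Each side (hypothetical layout):
      {"key_length": 64 or 128, "selected": 1..4, "keys": [four hex strings]}
    """
    if side_a["key_length"] != side_b["key_length"]:
        return ["key length differs between the two ends"]
    sides, parsed, problems = {"A": side_a, "B": side_b}, {}, []
    for name, side in sides.items():
        if side["selected"] not in (1, 2, 3, 4) or len(side["keys"]) != 4:
            problems.append(f"{name}: need 4 keys and a selected key of 1-4")
        try:
            parsed[name] = [parse_wep_key(k, side["key_length"]) for k in side["keys"]]
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
    if problems:
        return problems
    # A frame sent with key slot N is decrypted with the receiver's key in slot N.
    for tx, rx in (("A", "B"), ("B", "A")):
        slot = sides[tx]["selected"] - 1
        if parsed[tx][slot] != parsed[rx][slot]:
            problems.append(f"{tx} sends with Key {slot + 1}, but {rx} holds a different Key {slot + 1}")
    return problems


# Constructed sample: A sends with Key 1, B sends with Key 2; slots 3 and 4
# differ but are never used for sending, so the link still works.
A = {"key_length": 64, "selected": 1,
     "keys": ["00012E3ADF", "1122334455", "AAAAAAAAAA", "BBBBBBBBBB"]}
B = {"key_length": 64, "selected": 2,
     "keys": ["00012E3ADF", "1122334455", "CCCCCCCCCC", "DDDDDDDDDD"]}
print(check_bridge_link(A, B) or "link keys are consistent")
```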
3.5.3. IEEE 802.1x/RADIUS
IEEE 802.1x Port-Based Network Access Control is a new standard for solving some security issues
associated with IEEE 802.11, such as lack of user-based authentication and dynamic encryption key
distribution. With IEEE 802.1x and the help of a RADIUS (Remote Authentication Dial-In User Service)
server and a user account database, an enterprise or ISP (Internet Service Provider) can manage
its mobile users' access to its wireless LANs. Before being granted access to a wireless LAN supporting
IEEE 802.1x, a user has to issue his or her user name and password or digital certificate to the
backend RADIUS server by EAPOL (Extensible Authentication Protocol Over LAN). The RADIUS
server can record accounting information, such as when a user logs on to the wireless LAN and logs
off from the wireless LAN, for monitoring or billing purposes.
The IEEE 802.1x functionality of the advanced wireless access point is controlled by the security
mode (see Section 3.5.2.1). So far, the wireless access point supports two authentication
mechanisms: EAP-MD5 (Message Digest version 5) and EAP-TLS (Transport Layer Security). If
EAP-MD5 is used, the user has to give his or her user name and password for authentication. If
EAP-TLS is used, the wireless client computer automatically gives the user’s digital certificate that is
stored on the computer hard disk or a smart card for authentication. After a successful EAP-TLS
authentication, a session key is automatically generated for wireless packet encryption between the