User Manual
Table Of Contents
- Contents
- Introduction
- Installation & Basic Configuration
- Status Information
- Advanced Configuration
- Configuring the AP-600 Using the HTTP Interface
- System
- Network
- Interfaces
- Management
- Filtering
- Ethernet Protocol
- Static MAC
- Static MAC Filter Examples
- Prevent Two Specific Devices from Communicating
- Prevent Multiple Wireless Devices From Communicating With a Single Wired Device
- Prevent All Wireless Devices From Communicating With a Single Wired Device
- Prevent A Wireless Device From Communicating With the Wired Network
- Prevent Messages Destined for a Specific Multicast Group from Being Forwarded to the Wireless LAN
- Static MAC Filter Examples
- Advanced
- TCP/UDP Port
- Alarms
- Bridge
- Security
- RADIUS
- Monitor Information
- Commands
- Troubleshooting
- Troubleshooting Concepts
- Symptoms and Solutions
- Recovery Procedures
- System Alarms (Traps)
- Related Applications
- Command Line Interface (CLI)
- General Notes
- Command Line Interface (CLI) Variations
- CLI Command Types
- Using Tables & User Strings
- Configuring the AP-600 using CLI commands
- Set Basic Configuration Parameters using CLI Commands
- Other Network Settings
- Configure the AP-600 as a DHCP Server
- Configure the DNS Client
- Maintain Client Connections using Link Integrity
- Change your Wireless Interface Settings
- Autochannel Select (ACS)
- [Device Name]>set wif 3 autochannel
[Device Name]>reboot 0 - Enable 2X Turbo Mode (AP-600a Only)
- [Device Name]>set wif 3 turbo
[Device Name]>reboot 0 - Enable/Disable Interference Robustness (AP-600b Only)
- Enable/Disable Closed System (AP-600b Only)
- Enable/Disable Load Balancing (AP-600b Only)
- Enable/Disable Medium Density Distribution (AP-600b Only)
- Set the Distance Between APs (AP-600b Only)
- Set the Multicast Rate (AP-600b Only)
- Set Ethernet Speed and Transmission Mode
- Set Interface Management Services
- Configure Syslog
- Configure Intra BSS
- Configure MAC Access Control
- Configure 802.1x Authentication
- Set RADIUS Parameters
- CLI Monitoring Parameters
- Parameter Tables
- ASCII Character Chart
- Specifications
- Technical Support
Advanced Configuration
63
Mixed Mode (802.1x and WEP Encryption)
Follow these steps to use both 802.1x and WEP Encryption simultaneously (clients that do not support 802.1x use
WEP Encryption for security purposes):
1. Within the
802.1x Configuration
screen, set 802.1x Security Mode to Mixed.
2. Select an Encryption Key Length.
• The AP-600b supports 64-bit and 128-bit encryption.
• The AP-600a supports 64-bit, 128-bit, and 152-bit encryption.
3. Enter a Re-keying Interval.
• The Re-keying Interval determines how often a client’s encryption key is changed and can be set to any value
between 60 - 65535 seconds. Rekeying frustrates hacking attempts without taxing system resources. Setting
a fairly frequent rekey value (900 seconds=15 minutes) effectively protects against intrusion without disrupting
network activities.
4. Click OK to save the changes.
5. Click the Encryption tab.
1. Place a check mark in the box labeled Enable Encryption (WEP).
2. Configure Encryption Key 1 only (i.e., do not configure Keys 2 through 4). Keep in mind the following:
• Use the same key size (64/128/152-bit) that you configured for Encryption Key Length on the 802.1x page.
— For 64-bit encryption, an encryption key is 10 hexadecimal characters (0-9 and A-F) or 5 ASCII
characters (see ASCII Character Chart).
— For 128-bit encryption, an encryption key is 26 hexadecimal characters or 13 ASCII characters.
— For 152-bit encryption, an encryption key is 32 hexadecimal characters or 16 ASCII characters.
• You can enter the Encryption Keys in either hexadecimal or ASCII format.
• You need to manually configure your wireless clients that do not support 802.1x to use the same Encryption
Key.
3. Set Deny Non-Encrypted Data to Enable if you want to prevent clients that do not have WEP enabled or the
proper keys configured from communicating with the network.
4. Confirm that Key 1 is selected in the Encrypt Data Transmissions Using drop-down menu.
5. Click OK.
6. If you have not already done so, configure the RADIUS authentication settings (see RADIUS Authentication with
802.1x for details.
7. Reboot the Access Point.
802.1x Security and Wireless Distribution Systems (WDS)
Wireless distribution systems (WDS) are configured using specific ports on the AP-600b. To use 802.1x with WDS, you
need to set the 802.1x Security Mode to Mixed (WEP and 802.1x) and confirm that the AP-600b units communicating
in the WDS share the same encryption key (Key 1). See Wireless Distribution System (WDS) for more information.
127(
127(127(
127(
The AP-600a does not support WDS.
RADIUS
The AP-600 communicates with a network’s RADIUS server to provide the following features:
– MAC Access Control Via RADIUS Authentication
– RADIUS Authentication with 802.1x
– RADIUS Accounting
You can configure the AP-600 to communicate with up to four different RADIUS servers:
• Primary Authentication Server
• Back-up Authentication Server
• Primary Accounting Server
• Back-up Accounting Server
127(
127(127(
127(
You must have configured the settings for at least one Authentication server before configuring the settings for
an Accounting server.