User guide
Table Of Contents
- Introduction
- Installation and Initialization
- System Status
- Advanced Configuration
- System
- Network
- Interfaces
- Management
- Filtering
- Alarms
- Bridge
- QoS
- Radius Profiles
- SSID/VLAN/Security
- Monitoring
- Commands
- Troubleshooting
- Command Line Interface (CLI)
- General Notes
- Command Line Interface (CLI) Variations
- CLI Command Types
- Using Tables and Strings
- Configuring the AP using CLI commands
- Set Basic Configuration Parameters using CLI Commands
- Set System Name, Location and Contact Information
- Set Static IP Address for the AP
- Change Passwords
- Set Network Names for the Wireless Interface
- Enable 802.11d Support and Set the Country Code
- Enable and Configure TX Power Control for the Wireless Interface
- Configure SSIDs (Network Names), VLANs, and Profiles
- Download an AP Configuration File from your TFTP Server
- Backup your AP Configuration File
- Set up Auto Configuration
- Other Network Settings
- Configure the AP as a DHCP Server
- Configure the DNS Client
- Configure DHCP Relay
- Configure DHCP Relay Servers
- Maintain Client Connections using Link Integrity
- Change Wireless Interface Settings
- Set Ethernet Speed and Transmission Mode
- Set Interface Management Services
- Configure Syslog
- Configure Intra BSS
- Configure Wireless Distribution System
- Configure MAC Access Control
- Set RADIUS Parameters
- Set Rogue Scan Parameters
- Set Hardware Configuration Reset Parameters
- Set VLAN/SSID Parameters
- Set Security Profile Parameters
- CLI Monitoring Parameters
- Parameter Tables
- CLI Batch File
- ASCII Character Chart
- Specifications
- Technical Services and Support
- Statement of Warranty
Advanced Configuration AP-700 User Guide
SSID/VLAN/Security
108
CAUTION: Once a VLAN Management ID is configured and is equivalent to one of the VLAN User IDs on the AP, all
members of that User VLAN will have management access to the AP. Be careful to restrict VLAN
membership to those with legitimate access to the AP.
NOTE: When VLAN is enabled, ensure that all devices in the network share the same VLAN ID.
1. Click Configure > SSID/VLAN/Security > Mgmt VLAN.
2. Set the VLAN Management ID to use the same VLAN ID as one of the configured SSIDs.
3. Place a check mark in the Enable VLAN Tagging box.
Disable VLAN Tagging
1. Click Configure > SSID/VLAN/Security > Mgmt VLAN.
2. Remove the check mark from the Enable VLAN Tagging box (to disable all VLAN functionality) or set the VLAN
Management ID to -1 (to disable VLAN Tagging only).
NOTE: If you disable VLAN Tagging, you will be unable to configure security per SSID.
Security Profile
See the following sections:
• Security Features
• Authentication Protocol Hierarchy
• VLANs and Security Profiles
• Configuring Security Profiles
Security Features
The AP supports the following security features:
• WEP Encryption: The original encryption technique specified by the IEEE 802.11 standard.
• 802.1x Authentication: An IEEE standard for client authentication.
• Wi-Fi Protected Access (WPA/802.11i [WPA2]): A new standard that provides improved encryption security over WEP.
NOTE: The AP does not support shared key 802.11 MAC level authentication. Clients with this MAC level feature must
disable it.
WEP Encryption
The IEEE 802.11 standards specify an optional encryption feature, known as Wired Equivalent Privacy or WEP, that is
designed to provide a wireless LAN with a security level equal to what is found on a wired Ethernet network. WEP
encrypts the data portion of each packet exchanged on an 802.11 network using an Encryption Key (also known as a
WEP Key).
When Encryption is enabled, two 802.11 devices must have the same Encryption Keys and both devices must be
configured to use Encryption in order to communicate. If one device is configured to use Encryption but a second device
is not, then the two devices will not communicate, even if both devices have the same Encryption Keys.
802.1x Authentication
IEEE 802.1x is a standard that provides a means to authenticate and authorize network devices attached to a LAN port.
A port in the context of IEEE 802.1x is a point of attachment to the LAN, either a physical Ethernet connection or a
wireless link to an Access Point. 802.1x requires a RADIUS server and uses the Extensible Authentication Protocol
(EAP) as a standards-based authentication framework, and supports automatic key distribution for enhanced security.
The EAP-based authentication framework can easily be upgraded to keep pace with future EAP types.
Popular EAP types include: