User guide
Table Of Contents
- Introduction
- Installation and Initialization
- System Status
- Advanced Configuration
- System
- Network
- Interfaces
- Management
- Filtering
- Alarms
- Bridge
- QoS
- Radius Profiles
- SSID/VLAN/Security
- Monitoring
- Commands
- Troubleshooting
- Command Line Interface (CLI)
- General Notes
- Command Line Interface (CLI) Variations
- CLI Command Types
- Using Tables and Strings
- Configuring the AP using CLI commands
- Set Basic Configuration Parameters using CLI Commands
- Set System Name, Location and Contact Information
- Set Static IP Address for the AP
- Change Passwords
- Set Network Names for the Wireless Interface
- Enable 802.11d Support and Set the Country Code
- Enable and Configure TX Power Control for the Wireless Interface
- Configure SSIDs (Network Names), VLANs, and Profiles
- Download an AP Configuration File from your TFTP Server
- Backup your AP Configuration File
- Set up Auto Configuration
- Other Network Settings
- Configure the AP as a DHCP Server
- Configure the DNS Client
- Configure DHCP Relay
- Configure DHCP Relay Servers
- Maintain Client Connections using Link Integrity
- Change Wireless Interface Settings
- Set Ethernet Speed and Transmission Mode
- Set Interface Management Services
- Configure Syslog
- Configure Intra BSS
- Configure Wireless Distribution System
- Configure MAC Access Control
- Set RADIUS Parameters
- Set Rogue Scan Parameters
- Set Hardware Configuration Reset Parameters
- Set VLAN/SSID Parameters
- Set Security Profile Parameters
- CLI Monitoring Parameters
- Parameter Tables
- CLI Batch File
- ASCII Character Chart
- Specifications
- Technical Services and Support
- Statement of Warranty
Advanced Configuration AP-700 User Guide
SSID/VLAN/Security
111
If you have both 802.1x and MAC Access Control authentication enabled, the 802.1x authentication takes precedence
because it is higher in the authentication protocol hierarchy. This is required in order to propagate the WEP/TKIP/AES
keys to the clients in such cases. If you disable 802.1x on the AP, you will see the effects of MAC authentication.
In addition, setting MAC Access Control status to Strict will cause both MAC ACL settings and 802.1x settings to be
applied.
For example, assume that the MAC Access Control List contains MAC addresses to block, and that WPA-PSK is
configured to allow access to clients with the appropriate PSK Passphrase.
• If the MAC ACL status is set to Enable, WPA-PSK will take precedence, and clients in the MAC ACL with the correct
PSK passphrase will be allowed. Only the WPA-PSK setting is taken into consideration.
• If the MAC ACL status is set to Strict, then clients in the MAC ACL will be blocked even if they have the correct PSK
passphrase. Clients will only be allowed if they have the correct passphrase and are NOT listed in the MAC ACL. In
this way, both MAC and WPA-PSK settings are taken into consideration.
VLANs and Security Profiles
The AP allows you to segment wireless networks into multiple sub-networks based on Network Name (SSID) and VLAN
membership. A Network Name (SSID) identifies a wireless network. Clients associate with Access Points that share an
SSID. During installation, the Setup Wizard prompts you to configure a Primary Network Name for each wireless
interface.
After initial setup and once VLAN is enabled, the AP can be configured to support up to 16 SSIDs to segment wireless
networks based on VLAN membership.
Each VLAN can associated to a Security Profile and RADIUS Server Profiles. A Security Profile defines the allowed
wireless clients, and authentication and encryption types. See the following sections for configuration details.
Configuring Security Profiles
Security policies can be configured and applied on the AP as a whole, or on a per VLAN basis. When VLAN is disabled
on the AP, the user can configure a security profile for each interface of the AP. When VLANs are enabled and Security
per SSID is enabled, the user can configure a security profile for each VLAN.
The user defines a security policy by specifying one or more values for the following parameters:
• Wireless STA types (WPA station, 802.11i (WPA2) station, 802.1x station, WEP station, WPA-PSK, and 802.11i-PSK)
that can associate to the AP.
• Authentication mechanisms (802.1x, RADIUS MAC authentication) that are used to authenticate clients for each type
of station.
• Cipher Suites (CCMP, TKIP, WEP, None) used for encapsulating the wireless data for each type of station.
Up to 16 security profiles can be configured.
1. Click Configure > SSID/VLAN/Security > Security Profile.