User guide
Table Of Contents
- Introduction
- Installation and Initialization
- Managing the Access Point
- Basic Configuration for an Enterprise
- Access Point Features
- Using Web Interface to Manage the Access Point
- Using SNMP Interface to Manage the Access Point
- Using CLI to Manage the Access Point
- Global Configuration Mode
- General Notes
- Configuring the AP using CLI Commands
- Command Line Interface Mode Overview
- User Exec Mode
- Privileged Exec Mode
- Show Command Tree Structure Command
- Show VLAN Command
- Show MAC ACL Command
- Show RADIUS Server Table Command
- Show RADIUS Supported Profile Table Command
- Show Security Wireless Config Table Command
- Show QoS Profile and Policy Command
- Show QoS EDCA Command
- Show Wireless Properties Command
- Show 11n Wireless Properties Command
- Wireless VAP Command
- Ethernet Interface Command
- Network Configuration Command
- Advaned Filter and Global Filter Command
- TCP-UDP and Static MAC Address Table Commands
- Protocl Filter, Filter Type and Filter Control Table Command
- Access Control and HTTP, Telnet and TFTP Commands
- SNMP Read, Read-Write Password and Trap Host Table Command
- Country Code and Management Commands
- System Information Command
- System Inventory Management Command
- Event Logand ICMP Commands
- IP ARP Statistics and SNTP Command
- Syslog configuration and RADIUS Client Authentication Table Commands
- RADIUS Client Access Command
- Interface Statistics Command
- Wireless Station Statistics Command
- IP Address, Subnet Mask and Gateway Command
- Scalar Objects Commands
- Table Entries Commands
- Table Entry Deletion Command
- Table Entry Edition Command
- VAP Table Commands
- Troubleshooting
- ASCII Character Chart
- Bootloader CLI
- Specifications
- Technical Services and Support
- Statement of Warranty
Access Point Features AP-800 User Guide
Configuring the Device
39
Configuring Security Profiles
Security policies can be configured and applied on the AP as a whole, or on a per SSID basis. You can configure a
security profile for each VLAN.
The user defines a security policy by specifying one or more values for the following parameters:
• Wireless STA types (WPA station, 802.11i (WPA2) station, WPA-PSK, and 802.11i-PSK) that can associate to the AP.
• Authentication mechanisms (802.1x ) that are used to authenticate clients for each type of station.
• Cipher Suites (AES, TKIP, WEP, None) used for encapsulating the wireless data for each type of station.
NOTE: If you select WEP or TKIP, then the device will work on legacy rates not on 11n rates.
AP-800 supports up to 8 security profiles and can be mapped to any of the VAPs. You can apply unique security profiles
to VAPs without enabling the VLAN.
Wireless Security Features
• Profile Name: This parameter represents the name of the security profile name.
• Authentication Mode: This parameter is used to configure the security authentication mode for wireless.
• WEP Key: This parameter is used to configure the Wep key for wireless security.
• Encryption Type: This parameter is used to configure the type of encryption for the wireless security.
• PSK: This is the read parameter and used to display the security key in asterisk.
• Rekeying Interval: This parameter represents the time interval within which the number of times the key is changed.
NOTE: Rekeying Interval in case of Dynamic WEP is WEP Rekeying Interval, whereas in the case of WPA Security
Modes is WPA Group Rekeying Interval.
RADIUS
Configuring Radius Profiles on the AP allows the administrator to define a profile for RADIUS Servers used by the system
or by a VLAN.
The network administrator can configure default RADIUS authentication servers to be used on a system-wide basis, or in
networks with VLANs enabled the administrator can also configure separate authentication servers to be used for MAC
authentication, 802.1x authentication, or RADIUS based accounting. If the back-up server are configured, then the AP
will communicate with the back-up server till the primary server is offline.
The AP communicates with the RADIUS server defined in a profile to provide the following features:
MAC Access Control Via RADIUS Authentication
If you want to control wireless access to the network and if your network includes a RADIUS Server, you can store the list
of MAC addresses on the RADIUS server rather than configure each AP individually. you can define a RADIUS profile
that specifies the IP Address of the server that contains a central list of MAC Address values identifying the authorized
stations that may access the wireless network. You must specify information for the least primary RADIUS server. The
back-up server is optional.
NOTE: Each VLAN can be configured to use a separate RADIUS server (and backup server) for MAC authentication.
MAC access control can be separately enabled for each VLAN.
802.1x Authentication using RADIUS
You must configure a primary EAP/802.1x Authentication server to use 802.1x security. A back-up server is optional.
NOTE: Each VLAN can be configured to use a separate RADIUS server (and back-up server) for 802.1x authentication.
802.1x authentication (“EAP authentication”) can be separately enabled for each VLAN.