User Guide
Wi-Fi Array
208 Configuring the Wi-Fi Array
z “Admin RADIUS” on page 214
z “Management Control” on page 217
z “Access Control List” on page 221
z “Global Settings” on page 223
z “External Radius” on page 226
z “Internal Radius” on page 229
z “Rogue Control List” on page 231
Understanding Security
The Xirrus Wi-Fi Array incorporates many configurable security features. After
initially installing an Array, always change the default administrator password
(the default is admin), and choose a strong replacement password (containing
letters, numbers and special characters). See also, “Character Restrictions” on
page 126. When appropriate, issue read only administrator accounts.
Other security considerations include:
z SSH versus Telnet: Be aware that Telnet is not secure over network
connections and should be used only with a direct serial port connection.
When connecting to the unit’s Command Line Interface over a network
connection, you must use a Secure SHell version 2 (SSH-2) utility. SSH-2
provides stronger security than SSH-1. The most commonly used
freeware providing SSH tools is PuTTY.
z Configuration auditing: The optional Xirrus Management System (XMS)
offers powerful management features for small or large Xirrus Wi-Fi
deployments, and can audit your configuration settings automatically. In
addition, using the XMS eliminates the need for an FTP server.
z Choosing an encryption method: Wireless data encryption prevents
eavesdropping on data being transmitted or received over the airwaves.
The Array allows you to establish the following data encryption
configuration options:
• Open—this option offers no data encryption and is not
recommended, though you might choose this option if clients are