User Guide
Wi-Fi Array
Installing the Wi-Fi Array 43
z WEP-40bit or WEP-128bit
Because WEP is vulnerable to cracks, we recommend that you only use
this for legacy devices that cannot support a stronger encryption type.
z Wi-Fi Protected Access (WPA)
This is much more secure than WEP and uses TKIP for encryption.
z Wi-Fi Protected Access (WPA2) with AES
This is government-grade encryption—available on most new client
adapters—and uses the AES–CCM encryption mode (Advanced
Encryption Standard–Counter Mode).
Authentication
Authentication ensures users are who they say they are, and occurs when users
att
empt to join the wireless network and periodically thereafter. The following
authentication methods are available with the Wi-Fi Array:
z RADIUS 802.1x
802.1x uses a remote RADIUS server to authenticate large numbers of
clients, and can handle different authentication methods (EAP-TLS, EAP-
TTLS, EAP-PEAP, and EAP-LEAP Passthrough).
z Xirrus Internal RADIUS server
Recommended for smaller numbers of users (about 100 or less). Supports
EAP-PEAP only
z Pre-Shared Key
Uses a pass-phrase or key that is manually distributed to all authorized
users. The same passphrase is given to client devices and entered into
each Array.
z MAC Access Control Lists (ACLs)
MAC access control lists provide a list of client adapter MAC addresses
that are allowed or denied access to the wireless network, and can be
used in addition to any of the above authentication methods. ACLs are
good for embedded devices, like printers and bar-code scanners (though
MAC addresses can be spoofed). The Wi-Fi Array supports 1,000 ACL
entries.