Manualshelf

User manual

ManualsBrandsWavion ManualsComputer equipmentWBS-2400-SCT
61626364656667686970
SSID and VLAN configuration
Rev 4.0 User Manual 62
Authentication Combinations
WBS-2400 allows authentication of various types and in various combinations.
The basic 802.11 authentications are Open (none) and Shared Key. In Shared Key
Authentication, the WEP key is used as the shared key.
If the SSID is configured to Open + Shared Key, this means that both types of clients can
associate to the BST. This can be useful when the IT has another mechanism to determine
the authentication of users in terms of his overall network, e.g. Capture Portal. There may be
legacy clients that try to authenticate with Shared Key while others try to authenticate with
Open. It is assumed that the encryption in this case is WEP but the WBS-2400 does not force
this.
In WPA, it is assumed that the basic 802.11 authentication is Open. WPA defines advanced
authentications, either PSK (Pre-Shared Key) or RADIUS. In both cases, the initial keys (for
broadcast and for unicast traffic) are determined during the last phase of the WPA
authentication.
When RADIUS Authentication is used, the RADIUS server can determine, in addition to the
broadcast and unicast keys, the VLAN for the user belongs to (WBS-2400 supports multiple
VLAN per SSID).
The WBS-2400 has the capability to have an SSID that supports both RADIUS and PSK
authentication. The exact method is decided according to the packet that comes from the
client. If multiple VLAN are defined over such an SSID, a client that is authenticated using
PSK gets assigned to the default VLAN, while the clients that authenticate using RADIUS
have their VLAN determined by the RADIUS.
Each SSID can have a different RADIUS server configured. This allows for the transportation
of several networks over the same infrastructure of WBS-2400
Encryption Methods
Legacy 802.11 clients may connect Open (no encryption), or WEP.
In WEP, the encryption key can be either 40bit or 104bit.
In WPA, WBS-2400 supports TKIP encryption.
Since some clients may be legacy (supporting only WEP), WBS-2400 has the capability to have
SSID that support both WEP and TKIP clients. In this case, the broadcast key is WEP, while the
unicast key is either TKIP or WEP, depending on the way the client connected to the system.
This mode is called TSN (Transient Security Network). ..
Note: When you configure a TSN SSID, configure the WEP key as key
#2, since key #1 is used by TKIP.