Setting up Security 29
Setting up Security The Encryption page lets you select the type of security to be used on the access
point. The page is divided into Security Settings, which determine the type of
access authentication, and Access Point Encryption Settings, which determine the
type of encryption used if the access point is handling encryption. To maintain
wireless association, the encryption settings on clients and all the access points
they associate with must match exactly.
In addition to providing wireless encryption, access point security can be
integrated with upper layer authentication provided by a RADIUS server on the
wired LAN using IEEE 802.1x support.
Security Settings The following security settings are available on the Encryption page. Security
settings that use access point encryption also require you to select from the
options available under Access Point Encryption Settings, which are described in
“Access Point Encryption Settings”.
■Access Point Local Authentication/Encryption—Disables upper-layer
authentication, so the access point handles both authentication and
encryption. It can be used with any of the encryption options described in
“Access Point Encryption Settings”.
■RADIUS EAP-MD5 Authentication with Access Point Encryption—Enables
RADIUS authentication using MD5 (username-password) authentication. It can
be used with No Security (Open System), 40-bit Encryption Shared Key (Wi-Fi),
or 128-bit Encryption Shared Key as described in “Access Point Encryption
Settings”.
■RADIUS Serial Authentication with Dynamic Encryption Key—Enables
mutual RADIUS authentication implementation, which allows client and
RADIUS to mutually authenticate (EAP-TLS) and perform user authentication
(EAP-MD5). You can select either 40-bit or 128-bit Dynamic Encryption.
Selecting Auto-Session Key Renew causes the access point and clients to
periodically change session keys, greatly enhancing security.
RADIUS EAP-TLS Authentication with Dynamic Encryption Key
(Windows XP only)—Enables certificate-based mutual RADIUS authentication
with 40-bit or 128-bit Dynamic Encryption. This setting is supported for clients
running under Windows XP.
■Access Point Local MAC Authentication/Encryption—Enables client
authentication through a list of MAC addresses stored on the access point.
Only clients whose MAC addresses are on the list can associate with the access
point. This option can be used with No Security (Open System), 40-bit
Encryption Shared Key (Wi-Fi), or 128-bit Encryption Shared Key as described in
“Access Point Encryption Settings”. For details on how to set up the access list,
see “Setting up a MAC Address Access List” on page 31.
■RADIUS MAC Authentication with Access Point Encryption—Enables
client authentication through a list of MAC addresses stored on a RADIUS
server. Only clients whose MAC addresses are on the list can associate with the
access point. This option can be used with No Security (Open System), 40-bit
Encryption Shared Key (Wi-Fi), or 128-bit Encryption Shared Key as described in
“Access Point Encryption Settings”. For details on how to create the MAC
authentication list on the RADIUS server, see RADIUS documentation.