Chapter 6: Configuring Security
When You
Configure
Different SSIDs
with Different
Security Settings
Use an 802.1x security solution. 802.1x security provides a framework to authenticate user traffic to a protected wireless network. Using 802.1x security provides secure data transmission by creating a secure spanning tree and dynamically rotating the WEP keys. You configure the access point as an authenticator. For the authentication server, you can either use an external RADIUS server or you can use the access point’s embedded authentication server (EAS). For help, see “Implementing an 802.1x Security Solution” on page 192.
Use
For help troubleshooting security, see “Troubleshooting Security” on page 255.
You can configure each 802.11g and 802.11a radio with up to four SSIDs or service sets. Although each service set shares one physical radio configuration, you can configure each service set with a different security configuration. Also, you can configure each service set for a separate VLAN. For example, you can configure:
primary service set for WPA/PSK.
secondary 1 service set for WPA/802.1x and VLAN 13.
secondary 2 service set for static WEP and an ACL.
secondary 3 service set for Dynamic WEP/802.1x and VLAN 150.
Note that using multiple services sets is not part of the
Many end device radios do not support using multiple service sets to implement a mixed security environment. The radios do not understand different security information coming from the beacons and probe responses. This means:
if any type of security is set on the primary service set, then the secondary service sets should also the same type of security.
if no security is set on the primary service set, then the secondary service sets cannot use any type of security.
For example, you have an access point with an 802.11g radio. You configure the primary service set for WPA/PSK and you do not configure any security for the secondary 1 service set. An older end device with an
