Security
Security
The access point is configured by default as an “open system,” which broadcasts a beacon signal including the configured SSID. Wireless clients with an SSID setting of “any” can read the SSID from the beacon and automatically set their SSID to allow immediate connection to the nearest access point.
The security mechanisms that you may employ depend upon the level of security required, the network and management resources available, and the software support provided on wireless clients. Table 4‐7 provides a summary of wireless security considerations.
Table
Security |
|
|
Mechanism | Client Support | Implementation Considerations |
|
|
|
WEP | Provides only basic security | |
| 802.11b, and 802.11g devices | Requires manual key management |
|
|
|
WEP over | Requires 802.1x client support | Provides dynamic key rotation for improved WEP |
802.1x | in system or by | security |
| (native support provided in | • Requires configured RADIUS server |
| Windows XP and Windows 2000 | • 802.1x EAP type may require management of |
| via patch) | digital certificates for clients and server |
|
|
|
AES (Advanced | 802.11i ready | Provides more robust wireless security. |
Encryption |
|
|
Standard) |
|
|
|
|
|
MAC Address | Uses the MAC address of client | • Management of authorized MAC addresses |
Filtering | network card | • Can be combined with other methods for improved |
|
| security |
|
| • Optionally configured RADIUS server |
WPA over | Requires |
802.1x mode | and network card driver |
| (native support provided in |
| Windows XP) |
Provides robust security in
•Offers support for legacy WEP clients, but with increased security risk (for example, WEP authentication keys disabled)
•Requires configured RADIUS server
•802.1x EAP type may require management of digital certificates for clients and server
WPA Pre- | Requires | • Provides good security in small networks |
shared key type | and network card driver | • Requires manual management of |
| (native support provided in |
|
| Windows XP) |
|
|
|
|
Note: Although a WEP static key is not needed for WEP over 802.1x, WPA over 802.1x, and WPA PSK modes, you must enable WEP encryption through the Web or CLI in order to enable all types of encryption in the access point.