Security

Security

The access point is configured by default as an “open system,” which broadcasts a beacon signal including the configured SSID. Wireless clients with an SSID setting of “any” can read the SSID from the beacon and automatically set their SSID to allow immediate connection to the nearest access point.

The security mechanisms that you may employ depend upon the level of security required, the network and management resources available, and the software support provided on wireless clients. Table 4‐7 provides a summary of wireless security considerations.

Table 4-7 Security Mechanisms

Security

 

 

Mechanism

Client Support

Implementation Considerations

 

 

 

WEP

Built-in support on all 802.11a,

Provides only basic security

 

802.11b, and 802.11g devices

Requires manual key management

 

 

 

WEP over

Requires 802.1x client support

Provides dynamic key rotation for improved WEP

802.1x

in system or by add-in software

security

 

(native support provided in

• Requires configured RADIUS server

 

Windows XP and Windows 2000

• 802.1x EAP type may require management of

 

via patch)

digital certificates for clients and server

 

 

 

AES (Advanced

802.11i ready

Provides more robust wireless security.

Encryption

 

 

Standard)

 

 

 

 

 

MAC Address

Uses the MAC address of client

• Management of authorized MAC addresses

Filtering

network card

• Can be combined with other methods for improved

 

 

security

 

 

• Optionally configured RADIUS server

WPA over

Requires WPA-enabled system

802.1x mode

and network card driver

 

(native support provided in

 

Windows XP)

Provides robust security in WPA-only mode (for example, WPA clients only)

Offers support for legacy WEP clients, but with increased security risk (for example, WEP authentication keys disabled)

Requires configured RADIUS server

802.1x EAP type may require management of digital certificates for clients and server

WPA Pre-

Requires WPA-enabled system

• Provides good security in small networks

shared key type

and network card driver

• Requires manual management of pre-shared key

 

(native support provided in

 

 

Windows XP)

 

 

 

 

Note: Although a WEP static key is not needed for WEP over 802.1x, WPA over 802.1x, and WPA PSK modes, you must enable WEP encryption through the Web or CLI in order to enable all types of encryption in the access point.

4-78 Advanced Configuration

Page 114
Image 114
Enterasys Networks RBT-4102 manual Security, Wep