Network Parameters

Encryption

The IEEE 802.11 standards specify an optional encryption feature, known as Wired Equivalent Privacy or WEP, that is
designed to provide a wireless LAN with a security level equal to what is found on a wired Ethernet network. WEP
encrypts the data portion of each packet exchanged on an 802.11 network using an Encryption Key (also known as a
WEP Key).
When Encryption is enabled, two 802.11 devices must have the same Encryption Keys and both devices must be
configured to use Encryption in order to communicate. If one device is configured to use Encryption but a second
device is not, then the two devices will not communicate, even if both devices have the same Encryption Keys.
The AP-2500 supports 64-bit and 128-bit encryption (for both 802.11a and 802.11b).
For 64-bit encryption, an encryption key is 10 hexadecimal characters (0-9 and A-F) or 5 ASCII characters
(see ASCII Character Chart).
For 128-bit encryption, an encryption key is 26 hexadecimal characters or 13 ASCII characters. Note that
some 802.11b cards do not support 128-bit encryption.
NOTE
64-bit encryption is sometimes referred to as 40-bit encryption; 128-bit encryption is sometimes referred to as
104-bit encryption.
Keep in mind that if you enable WEP encryption on the wireless interfaces, you will need to inform your subscribers of
these settings and they will need to reconfigure their wireless cards with these settings before gaining access to the
network (and before they are prompted to log on to the hotspot).
See Set WEP Encryption for each Wireless Interface for step-by-step configuration instructions.
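
As an added example (not from the AP-2500 manual or its firmware), this Python helper validates a WEP key against the lengths given above, shows why the same key is called both 40-bit and 64-bit (the larger figure counts the 24-bit initialization vector that WEP adds to the configured secret), and checks whether a key entered as hex on one device matches a key entered as ASCII on another. The function names, the acceptance of lowercase hex, and the treatment of ASCII keys as printable characters 0x20-0x7E are assumptions.

```python
import math
import string

# Key lengths from the manual: nominal size -> (hex chars, ASCII chars).
KEY_FORMATS = {64: (10, 5), 128: (26, 13)}
IV_BITS = 24  # WEP's per-packet IV; counted in "64/128-bit", not in the key

def parse_wep_key(key: str, nominal_bits: int) -> dict:
    """Validate a WEP key string and return its raw bytes and properties."""
    if nominal_bits not in KEY_FORMATS:
        raise ValueError("nominal_bits must be 64 or 128")
    hex_len, ascii_len = KEY_FORMATS[nominal_bits]
    if len(key) == hex_len and all(c in string.hexdigits for c in key):
        raw, fmt = bytes.fromhex(key), "hex"
        # Every byte value is possible, so the keyspace is the full secret.
        keyspace_bits = 8 * len(raw)
    elif len(key) == ascii_len and all(32 <= ord(c) < 127 for c in key):
        raw, fmt = key.encode("ascii"), "ascii"
        # Assumption: 95 printable characters per position, so the
        # keyspace is smaller than the secret length suggests.
        keyspace_bits = len(raw) * math.log2(95)
    else:
        raise ValueError(
            f"{nominal_bits}-bit key must be {hex_len} hex or "
            f"{ascii_len} printable ASCII characters"
        )
    return {
        "format": fmt,
        "raw": raw,
        "secret_bits": 8 * len(raw),              # 40 or 104
        "nominal_bits": 8 * len(raw) + IV_BITS,   # 64 or 128
        "keyspace_bits": round(keyspace_bits, 1),
    }

def keys_match(key_a: str, key_b: str, nominal_bits: int) -> bool:
    """True if two key strings (hex or ASCII) encode the same WEP key."""
    a = parse_wep_key(key_a, nominal_bits)["raw"]
    b = parse_wep_key(key_b, nominal_bits)["raw"]
    return a == b

if __name__ == "__main__":
    # Constructed sample keys, for illustration only.
    for k, bits in [("6162636465", 64), ("abcde", 64),
                    ("0123456789ABCDEF0123456789", 128)]:
        print(k, parse_wep_key(k, bits))
    print(keys_match("6162636465", "abcde", 64))
```

An ASCII key draws each byte from a much smaller set than a hex key does, so where subscribers' cards allow it, distributing the key in hexadecimal form keeps the full 40 or 104 bits of key material.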

VPN

Many companies support Virtual Private Network (VPN) connections to provide secure network access for employees
in remote locations. The VPN connection establishes a secure, encrypted tunnel between the employee and the
company’s VPN server over the public Internet.
VPNs are a popular application for hotspot subscribers. For example, a business traveler can establish a VPN session
with his company’s network at an airport or a hotel and access the same network resources that are available to him
when he’s physically in the office.
To create a VPN connection, a company needs a VPN server on the Internet. An employee needs VPN client software
installed on his computer and a connection to the Internet. Multiple tunneling and encapsulation techniques are
available, and the choice can vary from company to company.
In general, a subscriber with a public, routable IP address can establish a VPN session with his company without
involving the AP-2500. However, most subscribers in your hotspot will use a private IP address assigned by the AP
performing Network Address Translation (NAT). (See Dynamic Address Translation (DAT) for information on NAT.)
Therefore, you must configure the AP to support VPN connections.
The AP-2500 supports two of the most popular VPN protocols when performing NAT:
Point-to-Point Tunneling Protocol (PPTP)
Internet Protocol Security Protocol (IPSec) using Encapsulating Security Payload (ESP)
The VPN configuration information is found at Configure > Network > VPN. By default, these two protocols are
enabled. Follow these steps if you want to change the default VPN settings:
1. Click Configure > Network > VPN.
2. Configure the Enable PPTP field to enable or disable PPTP support.
By default, PPTP is enabled.
3. Enter the number of seconds after which an idle PPTP connection will time out in the PPTP Idle Timeout field.
By default, this is set to 0 seconds; this means that an idle connection will never time out.
4. Configure the IPSec field to enable or disable IPSec support.
By default, IPSec is enabled.
5. Click OK.
6. Reboot the AP for your changes to take effect.