Proxim AP-4000 manual Security Profile, Provide Access to a Wireless Host in the Same Workgroup

Provide Access to a Wireless Host in the Same Workgroup

The VLAN feature can allow wireless clients to manage the AP. If the VLAN Management ID matches a VLAN User ID, then those wireless clients who are members of that VLAN will have AP management access.

CAUTION: Once a VLAN Management ID is configured and is equivalent to one of the VLAN User IDs on the AP, all members of that User VLAN will have management access to the AP. Be careful to restrict VLAN membership to those with legitimate access to the AP.

1.Click Configure > SSID/VLAN/Security > Mgmt VLAN.

2.Set the VLAN Management ID to use the same VLAN ID as one of the configured SSIDs.

3.Place a check mark in the Enable VLAN Tagging box.

Disable VLAN Tagging

1.Click Configure > SSID/VLAN/Security > Mgmt VLAN.

2.Remove the check mark from the Enable VLAN Tagging box (to disable all VLAN functionality) or set the VLAN Management ID to -1 (to disable VLAN Tagging only).

NOTE: If you disable VLAN Tagging, you will be unable to configure security per SSID.

Security Profile

The AP supports the following security features:

•WEP Encryption: The original encryption technique specified by the IEEE 802.11 standard.

•802.1x Authentication: An IEEE standard for client authentication.

•Wi-Fi Protected Access (WPA/802.11i [WPA2]): A new standard that provides improved encryption security over WEP.

NOTE: The AP does not support shared key 802.11 MAC level authentication. Clients with this MAC level feature must disable it.

WEP Encryption

The IEEE 802.11 standards specify an optional encryption feature, known as Wired Equivalent Privacy or WEP, that is designed to provide a wireless LAN with a security level equal to what is found on a wired Ethernet network. WEP encrypts the data portion of each packet exchanged on an 802.11 network using an Encryption Key (also known as a WEP Key).

When Encryption is enabled, two 802.11 devices must have the same Encryption Keys and both devices must be configured to use Encryption in order to communicate. If one device is configured to use Encryption but a second device is not, then the two devices will not communicate, even if both devices have the same Encryption Keys.

802.1x Authentication

IEEE 802.1x is a standard that provides a means to authenticate and authorize network devices attached to a LAN port. A port in the context of IEEE 802.1x is a point of attachment to the LAN, either a physical Ethernet connection or a wireless link to an Access Point. 802.1x requires a RADIUS server and uses the Extensible Authentication Protocol (EAP) as a standards-based authentication framework, and supports automatic key distribution for enhanced security. The EAP-based authentication framework can easily be upgraded to keep pace with future EAP types.

Popular EAP types include:

•EAP-Message Digest 5 (MD5): Username/Password-based authentication; does not support automatic key distribution

•EAP-Transport Layer Security (TLS): Certificate-based authentication (a certificate is required on the server and each client); supports automatic key distribution

116