Radio Interface 6
•
Both WEP and WPA security settings are configurable separately for each virtual access point (VAP) interface. MAC address filtering, and RADIUS server settings are global and apply to all VAP interfaces.
The security mechanisms that may be employed depend on the level of security required, the network and management resources available, and the software support provided on wireless clients.
A summary of wireless security considerations is listed in the following table.
Table
Security | Client Support | Implementation Considerations |
Mechanism |
|
|
WEP | • Provides only weak security | |
| devices | • Requires manual key management |
|
|
|
WEP over 802.1X | Requires 802.1X client support | • Provides dynamic key rotation for improved WEP |
| in system or by | security |
| (support provided in Windows | • Requires configured RADIUS server |
| 2000 SP3 or later and Windows | • 802.1X EAP type may require management of |
| XP) | digital certificates for clients and server |
|
|
|
MAC Address | Uses the MAC address of client | • Provides only weak user authentication |
Filtering | network card | • Management of authorized MAC addresses |
|
| • Can be combined with other methods for improved |
|
| security |
|
| • Optionally configured RADIUS server |
|
|
|
WPA over 802.1X | Requires | • Provides robust security in |
Mode | and network card driver | (i.e., WPA clients only) |
| (native support provided in | • Offers support for legacy WEP clients, but with |
| Windows XP) | increased security risk (i.e., WEP authentication |
|
| keys disabled) |
|
| • Requires configured RADIUS server |
|
| • 802.1X EAP type may require management of |
|
| digital certificates for clients and server |
WPA PSK Mode | Requires | • Provides good security in small networks |
| and network card driver | • Requires manual management of |
| (native support provided in |
|
| Windows XP) |
|
