User's Manual
Table Of Contents
- Chapter 1: Introduction 1-1
- Chapter 1: Introduction
- Chapter 2: Hardware Installation
- Chapter 3: External Antennas
- Chapter 4: Network Configuration
- Chapter 5: Initial Configuration
- Chapter 6: System Configuration
- Chapter 7: Command Line Interface
- Using the Command Line Interface
- Entering Commands
- Command Groups
- General Commands
- System Management Commands
- System Logging Commands
- System Clock Commands
- DHCP Relay Commands
- SNMP Commands
- snmp-server community
- snmp-server contact
- snmp-server location
- snmp-server enable server
- snmp-server host
- snmp-server trap
- snmp-server engine-id
- snmp-server user
- snmp-server targets
- snmp-server filter
- snmp-server filter-assignments
- show snmp groups
- show snmp users
- show snmp group-assignments
- show snmp target
- show snmp filter
- show snmp filter-assignments
- show snmp
- Flash/File Commands
- RADIUS Client
- 802.1X Authentication
- MAC Address Authentication
- Filtering Commands
- WDS Bridge Commands
- Spanning Tree Commands
- Ethernet Interface Commands
- Wireless Interface Commands
- interface wireless
- vap
- speed
- turbo
- multicast-data-rate
- channel
- transmit-power
- radio-mode
- preamble
- antenna control
- antenna id
- antenna location
- beacon-interval
- dtim-period
- fragmentation-length
- rts-threshold
- super-a
- super-g
- description
- ssid
- closed-system
- max-association
- assoc-timeout-interval
- auth-timeout-value
- shutdown
- show interface wireless
- show station
- Rogue AP Detection Commands
- Wireless Security Commands
- Link Integrity Commands
- IAPP Commands
- VLAN Commands
- WMM Commands
- Appendix A: Troubleshooting
- Appendix B: Cables and Pinouts
- Appendix C: Specifications
- Glossary
- Index
Radio Interface
6-67
6
A summary of wireless security considerations is listed in the following table.
Note: You must enable data encryption through the web or CLI in order to enable all
types of encryption (WEP, TKIP, or AES) in the access point.
Table 6-2. Wireless Security Considerations
Security
Mechanism
Client Support Implementation Considerations
WEP Built-in support on all 802.11a
and 802.11g devices
• Provides only weak security
• Requires manual key management
WEP over 802.1X Requires 802.1X client support
in system or by add-in software
(support provided in Windows
2000 SP3 or later and Windows
XP)
• Provides dynamic key rotation for improved WEP
security
• Requires configured RADIUS server
• 802.1X EAP type may require management of
digital certificates for clients and server
MAC Address
Filtering
Uses the MAC address of client
network card
• Provides only weak user authentication
• Management of authorized MAC addresses
• Can be combined with other methods for improved
security
• Optionally configured RADIUS server
WPA over 802.1X
Mode
Requires WPA-enabled system
and network card driver
(native support provided in
Windows XP)
• Provides robust security in WPA-only mode
(i.e., WPA clients only)
• Offers support for legacy WEP clients, but with
increased security risk (i.e., WEP authentication
keys disabled)
• Requires configured RADIUS server
• 802.1X EAP type may require management of
digital certificates for clients and server
WPA PSK Mode Requires WPA-enabled system
and network card driver
(native support provided in
Windows XP)
• Provides good security in small networks
• Requires manual management of pre-shared key
WPA2 with 802.1X Requires WPA-enabled system
and network card driver (native
support provided in Windows
XP)
• Provides the strongest security in WPA2-only
mode
• Provides robust security in mixed mode for WPA
and WPA2 clients
• Offers fast roaming for time-sensitive client
applications
• Requires configured RADIUS server
• 802.1X EAP type may require management of
digital certificates for clients and server
• Clients may require hardware upgrade to be WPA2
compliant
WPA2 PSK Mode Requires WPA-enabled system
and network card driver (native
support provided in Windows
XP)
• Provides robust security in small networks
• Requires manual management of pre-shared key
• Clients may require hardware upgrade to be WPA2
compliant