User Guide
Chapter 11
802.11 Security
This chapter describes how to configure security policies as defined by the 802.11i
standard on the MSR2000 router. It contains the following sections:
•
802.11 security standard overview
•
MAC-based access control configuration
•
RADIUS AAA Configuration
•
Security Profile Configuration
•
BSS security
•
WDS security
802.11 standard overview
The 802.11 security standard defines a suite of wireless security protocols and
implementations. It provides open and shared key authentication, is compatible with
WPA /WPA2, and interoperates with 802.1x.
MAC-based Access Control Configuration
MSR2000 allows MAC address-based access control. For each BSS hosted by the
router, one can allow or disallow a list of client MAC addresses proper association with
the AP. Creation of the MAC list and the specification of the MAC addresses are
performed by the mac-list command under CONFIGURATION TERMINAL mode.
Table 24 Configuring MAC-List
Command Syntax Command Mode Purpose
mac-list <listname>
no mac-list <listname>
CONFIGURATION
CONFIGURATION
Create or modify a MAC address list
with the specified name
Remove a MAC address list
mac-addr <HH:HH:HH:HH:HH:HH>
no mac-addr <HH:HH:HH:HH:HH:HH>
MAC-LIST
MAC-LIST
Add a MAC address to the MAC list
Remove a MAC address from MAC
list
Show the configuration of MAC-List
You can use the following commands to show current configuration about MAC-List.
Table 25 Display MAC-List and information
Command Syntax Command Mode Purpose
show mac-list Privileged EXEC Show all configured MAC address list
View MAC-List configuration
Figure 18 Output of MAC-List configuration
!
MSR2000 CLI Configuration Guide
57