Product Reference Guide (Supporting software release 4.0.0.0-35GRN and later) Manual

ManualsBrandsBrocade ManualsComputer AccessoriesMobility 7131N-FGR Access Point

171

172

173

174

175

176

177

178

179

180

Brocade Mobility 7131N-FGR Product Reference Guide 161

53-1001947-01

Chapter

6Configuring Access Point Security

In this chapter

•Configuring security options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

•Setting passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

•Enabling authentication and encryption schemes . . . . . . . . . . . . . . . . . . . 164

•Configuring 802.1x EAP settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

•Configuring WPA2-CCMP (802.11i) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

•Configuring firewall settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

•Configuring VPN tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

•Configuring content filtering settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

•Configuring rogue AP detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

•Configuring user authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

Security measures for the Brocade Mobility 7131N-FGR Access Point and its WLANs are critical.

Use the available Brocade Mobility 7131N-FGR Access Point security options to protect the

Brocade Mobility 7131N-FGR Access Point LAN from wireless vulnerabilities, and safeguard the

transmission of RF packets between the Brocade Mobility 7131N-FGR Access Point and its

associated MUs.

WLAN security can be configured on an ESS by ESS basis on the Brocade Mobility 7131N-FGR

Access Point. Sixteen separate ESSIDs (WLANs) can be supported on a Brocade Mobility

7131N-FGR Access Point, and must be managed (if necessary) between the 802.11a/n and

802.11b/g/n radio. The user has the capability of configuring separate security policies for each

WLAN. Each security policy can be configured based on the authentication (802.1x EAP) or

encryption (WPA2/CCMP) scheme best suited to the coverage area that security policy supports.

The Brocade Mobility 7131N-FGR Access Point can also create VPN tunnels to securely route

traffic through a IPSEC tunnel and block transmissions with devices interpreted as Rogue APs.

NOTE

Security for the Brocade Mobility 7131N-FGR Access Point can be configured in various locations

throughout the Brocade Mobility 7131N-FGR Access Point menu structure. This chapter outlines the

security options available to the Brocade Mobility 7131N-FGR Access Point, and the menu locations

and steps required to configure specific security measures.

Configuring security options

To configure the data protection options available on the Brocade Mobility 7131N-FGR Access

Point, refer to the following:

• To set an administrative password for secure Brocade Mobility 7131N-FGR Access Point

logins, see “Setting passwords” on page 162.