User's Manual
Table Of Contents
- Warranty and Product Registration
- How to Use This Guide
- Contents
- Figures
- Tables
- Getting Started
- Web Configuration
- Command Line Interface
- Using the Command Line Interface
- General Commands
- System Management Commands
- country
- prompt
- system name
- system-resource
- password
- reboot-schedule
- apmgmgtui ssh enable
- apmgmtui ssh port
- apmgmtui telnet- server enable
- apmgmtui http port
- apmgmtui http server
- apmgmtui http session-timeout
- apmgmtui https port
- apmgmtui https server
- apmgmtui snmp
- apmgmtip
- show apmanagement
- show system
- show system resource
- show version
- show config
- System Logging Commands
- System Clock Commands
- DHCP Relay Commands
- SNMP Commands
- snmp-server community
- snmp-server contact
- snmp-server location
- snmp-server enable server
- snmp-server host
- snmp-server trap
- snmp-server vacm view
- snmp-server vacm group
- snmp-server user
- snmp-server target
- snmp-server filter
- show snmp users
- show snmp target
- show snmp filter
- show snmp
- show snmp vacm view
- show snmp vacm group
- Flash/File Commands
- RADIUS Client Commands
- 802.1X Authentication Commands
- MAC Address Authentication Commands
- Filtering Commands
- Spanning Tree Commands
- bridge stp service
- bridge stp br-conf forwarding-delay
- bridge stp br-conf hello-time
- bridge stp br-conf max-age
- bridge stp br-conf priority
- bridge stp port-conf interface
- bridge-link path-cost
- bridge-link port- priority
- vap (STP Interface)
- path-cost (STP Interface)
- port-priority (STP Interface)
- bridge mac-aging
- show bridge stp
- show bridge br-conf
- show bridge port-conf interface
- show bridge status
- show bridge forward address
- show bridge mac- aging
- WDS Bridge Commands
- Ethernet Interface Commands
- Wireless Interface Commands
- interface wireless
- vap
- a-mpdu
- a-msdu
- channel
- transmit-power
- min-allowed-rate
- disable-coexist
- make-rf-setting- effective
- preamble
- short-guard-interval
- beacon-interval
- dtim-period
- rts-threshold
- ssid
- closed-system
- max-client
- max-association
- client-assoc-preempt
- assoc-timeout- interval
- auth-timeout-interval
- multicast-enhance
- shutdown (VAP)
- interfere-chan- recover
- antenna-chain
- long-distance
- long-distance reference-data
- long-distance slottime
- long-distance acktimeout
- long-distance ctstimeout
- bandwidth-control downlink
- bandwidth-control downlink rate
- bandwidth-control uplink
- bandwidth-control uplink rate
- show interface wireless
- show station
- show station statistics
- Wireless Security Commands
- Rogue AP Detection Commands
- Link Integrity Commands
- Link Layer Discovery Commands
- VLAN Commands
- WMM Commands
- QoS Commands
- Appendices
- Index of CLI Commands
- Index
Chapter 6
| Wireless Settings
Virtual Access Points (VAPs)
– 79 –
The following items are available for VAP security:
◆ Association Mode — Defines the mode with which the VAP will associate with
clients.
■
Open System: The VAP is configured by default as an “open system,” which
broadcasts a beacon signal including the configured SSID. Wireless clients
with an SSID setting of “any” can read the SSID from the beacon and
automatically set their SSID to allow immediate connection.
■
WPA: WPA employs a combination of several technologies to provide an
enhanced security solution for 802.11 wireless networks.
■
WPA-PSK: For enterprise deployment, WPA requires a RADIUS
authentication server to be configured on the wired network. However, for
small office networks that may not have the resources to configure and
maintain a RADIUS server, WPA provides a simple operating mode that uses
just a pre-shared password for network access. The Pre-Shared Key mode
uses a common password for user authentication that is manually entered
on the access point and all wireless clients. The PSK mode uses the same
TKIP packet encryption and key management as WPA in the enterprise,
providing a robust and manageable alternative for small networks.
■
WPA2: WPA was introduced as an interim solution for the vulnerability of
WEP pending the ratification of the IEEE 802.11i wireless security standard.
In effect, the WPA security features are a subset of the 802.11i standard.
WPA2 includes the now ratified 802.11i standard, but also offers backward
compatibility with WPA. Therefore, WPA2 includes the same 802.1X and PSK
modes of operation and support for TKIP encryption.
■
WPA2-PSK: Clients using WPA2 with a Pre-shared Key are accepted for
authentication.
■
WPA-WPA2 Mixed: Clients using WPA or WPA2 are accepted for
authentication.
■
WPA-WPA2-PSK-mixed: Clients using WPA or WPA2 with a Pre-shared Key
are accepted for authentication.
◆ Encryption Method — Selects an encryption method for the global key used
for multicast and broadcast traffic, which is supported by all wireless clients.
■
WEP: WEP is used as the multicast encryption cipher. You should select
WEP only when both WPA and WEP clients are supported.
■
TKIP: TKIP is used as the multicast encryption cipher.
■
AES-CCMP: AES-CCMP is used as the multicast encryption cipher. AES-
CCMP is the standard encryption cipher required for WPA2.