User Manual

In addition, user data is transmitted over the air without being encrypted, and
is subject to being intercepted by client stations anywhere within range that
want to eavesdrop on the wireless network.
Wireless network security requires attention to three main areas:
Authentication: Verifying that stations attempting to connect to the
network are authorized users before granting access to the network.
Encryption: Encrypting data that passes between the access point and
stations (to protect against interception and eavesdropping).
Key Management: Assigning unique data encryption keys to each wireless
station session, and periodically changing the encryption keys to
minimize risk of their potential discovery.
Authentication
The two ways of authenticating users on the Access Point 10ag are:
MAC Authentication: Based on the user's wireless station MAC address.
802.1X Authentication: Based on the user's credentials, such as username/
password, digital certificates, etc.
MAC Authentication. MAC authentication of users can be done either
using a remote authentication server, such as a RADIUS server, or by creating a
local database on the access point itself. MAC authentication is not as secure
as 802.1X authentication, because a station's MAC address is easy to discover
and spoof to gain unauthorized network access.
802.1X Authentication. User 802.1X authentication can be implemented
either using a remote authentication server, such as a RADIUS server, or by
using the local built-in RADIUS server on the access point itself. The user's
credentials are exchanged with the servers (both remote and local built-in)
using a mechanism called “Extensible Authentication Protocol (EAP)”. EAP
is a public-key encryption system to ensure that only authorized network users
can access the network. In wireless communications using EAP, a user
requests connection to a WLAN through an access point, which then requests
the identity of the user and transmits that identity to an authentication server
such as RADIUS. The server asks the access point for proof of identity, which
the access point gets from the user and sends back to the server to complete
the authentication. The local built-in RADIUS server supports only one EAP type:
PEAP-MSCHAPv2. For remote server authentication, the access point serves
as an intermediate authenticator that transparently passes any EAP type to the
remote server, as specified in RFC 3748.
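
The identity exchange described above, shown at the packet level as an added example (not code from this manual or from the access point firmware). It parses the RFC 3748 EAP header and shows how a pass-through authenticator treats each message; the function names, the sample identity and the sample packets are assumptions constructed for illustration.

```python
import struct

# EAP header values from RFC 3748 (PEAP's type number 25 is IANA-assigned).
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge", 25: "PEAP"}

def parse_eap(frame: bytes) -> dict:
    """Parse one EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Data]."""
    if len(frame) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", frame[:4])
    if code not in CODES:
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(frame):
        # RFC 3748: a Length larger than the received data means discard.
        raise ValueError("Length field inconsistent with received bytes")
    body = frame[4:length]          # bytes past Length are padding, ignored
    pkt = {"code": CODES[code], "id": ident, "type": None, "data": b""}
    if code in (1, 2):              # only Request/Response carry a Type
        if not body:
            raise ValueError("Request/Response without a Type byte")
        pkt["type"] = TYPES.get(body[0], f"type-{body[0]}")
        pkt["data"] = body[1:]
    elif body:
        raise ValueError("Success/Failure must be exactly 4 bytes")
    return pkt

def build_eap(code: int, ident: int, eap_type=None, data: bytes = b"") -> bytes:
    """Build a packet for the constructed samples below."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def passthrough_action(pkt: dict) -> str:
    """Simplified view of what a pass-through access point does with a packet."""
    if pkt["code"] == "Response":
        return "relay to RADIUS server"
    if pkt["code"] == "Request":
        return "relay to station"
    return "grant access" if pkt["code"] == "Success" else "deny access"

# Constructed sample exchange; the identity and the PEAP data byte are made up.
EXCHANGE = [
    build_eap(1, 1, 1),                 # AP -> station: Request/Identity
    build_eap(2, 1, 1, b"alice"),       # station -> AP: Response/Identity
    build_eap(1, 2, 25, b"\x20"),       # server -> station: Request/PEAP
    build_eap(3, 9),                    # server -> AP: Success
]
```

The access point never needs to understand the Type field to relay a message, which is why any EAP type can pass through to a remote server while the access point acts only on the final Success or Failure.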