User`s guide

Configuration Parameters 34
Harmony Security Protocol Guidelines
If you want to use the Harmony Security Protocol on your network, you must
enable the protocol on all of your network’s Harmony 802.11a Access Points and
Harmony 802.11a clients.
At this time, the Harmony Security Protocol’s client application supports
Windows 98 SE, Windows ME, Windows 2000 Professional, and Windows XP.
The protocol does not support Windows 2000 Server or Windows NT 4.0.
The Harmony Security Protocol is only available for clients that are operating in
Infrastructure mode.
The Harmony Security Protocol requires that you have one or more Access Point
Controllers installed on the network.
A network administrator who manages the network’s Harmony Access Point
Controller(s) must assign each user a Harmony User Name and Password and
enter this information into the Harmony System’s User Database. Refer to the
Harmony Access Point Controller User’s Guide
for details.
If you enable the Harmony Security Protocol, you do not need to configure WEP
Keys on an 802.11a client (the Harmony System will generate keys for you).
802.1x
802.1x is an IEEE security standard for authenticating users on local area networks
based on the Extensible Authentication Protocol (EAP). For more information on this
standard, refer to the IEEE Web site at http://www.ieee.org/.
On a wireless LAN with 802.1x enabled, an Access Point will block all traffic from a
wireless client until after the user has been authenticated by the network’s RADIUS
(Remote Authentication Dial-In User Service) server. Proxim supports the following
RADIUS servers for use with Harmony 802.11a products:
• Microsoft Windows 2000 Internet Authentication Service (IAS) Server
• Funk Odyssey Server
Note: You may also need to install additional components based upon the server’s
requirements and EAP authentication type. For example, EAP-TLS requires a
Certificate Authority (CA) and that digital certificates be installed on the
RADIUS server and each wireless client.
EAP is a flexible protocol which does not specify an authentication type. The available
authentication types will vary based upon your RADIUS server and your client
software; many offer advanced features such as mutual authentication between client
and server and data encryption. For data encryption, a RADIUS server generates a
unique WEP Key for each user following authentication. This WEP Key is used to
encrypt unicast packets between the Access Point and wireless client. To encrypt
broadcast packets, the Access Point and its clients use the AP’s configured Global
WEP Keys.