User's Guide
Wireless Array
Configuring the Wireless Array 211
The encryption mode (WEP, WPA, etc.) is selected in the SSIDs >SSID
Management window (see “SSID Management” on page 253).
The encryption standard used with WPA or WPA2 (AES or TKIP) is
selected in the Security>Global Settings window under WPA Settings
(see “Global Settings” on page 230).
z
Choosing an authentication method: User authentication ensures that
users are who they say they are. For this purpose, the Array allows you to
choose between the following user authentication methods:
• Pre-Shared Key — users must manually enter a key (passphrase)
on the client side of the wireless network that matches the key
stored by the administrator in the Array.
This method should be used only for smaller networks when a
RADIUS server is unavailable. If PSK must be used, choose a
strong passphrase containing between 8 and 63 characters (20 is
preferred). Always use a combination of letters, numbers and
special characters. Never use English words separated by spaces.
• RADIUS 802.1x with EAP — 802.1x uses a RADIUS server to
authenticate large numbers of clients, and can handle different
EAP (Extensible Authentication Protocol) authentication
methods, including EAP-TLS, EAP-TTLS, EAP-PEAP, and LEAP-
Passthrough. The RADIUS server can be internal (provided by
the Wireless Array) or external. An external RADIUS server
offers more functionality and security, and is recommended for
large deployments. When using this method, user names and
passwords must be entered into the RADIUS server for user
authentication.
• MAC Address ACLs (Access Control Lists) — MAC address
ACLs provide a list of client adapter MAC addresses that are
allowed or denied access to the wireless network. Access Control
Lists work well when there are a limited number of users — in
this case, enter the MAC address of each user in the Allow list. In
the event of a lost or stolen MAC adapter, enter the affected MAC