User's Manual
Table Of Contents
- XS-3900 User’s Guide
- Front Matter
- Table of Contents
- List of Figures
- Introduction
- Installing the XS-3900
- Installation Prerequisites
- Planning Your Installation
- Installation Workflow
- Unpacking the XS-3900
- Installing the XS-3900
- Powering Up the XS-3900
- Establishing Communication with the Array
- Performing the Express Setup Procedure
- The Web Management Interface
- Configuring the XS-3900
- Logging In
- Making Configuration Changes to the XS-3900
- Array Status
- Express Setup
- Network Interfaces
- IAP Interfaces
- SSID Management
- Security
- Users
- Services
- Software
- Tools
- Event Log
- The Command Line Interface
- Establishing a Secure Shell (SSH) Connection
- Basic Commands
- Command Modes
- Selecting Interfaces
- Command Line Keywords
- Interface Selection
- Interface Configuration
- Radio Configuration
- Beacon Information
- System Administration
- System Testing
- Security
- Station Timeouts
- SSID Configuration
- DNS Configuration
- NTP Configuration
- DHCP Configuration
- Syslog Configuration
- SNMP Configuration
- Filters
- Radius Configuration
- Reports
- Data Handling
- Data Clearance
- Show Information
- Remove Configuration
- Help
- Appendix A: Quick Reference Guide
- Appendix B: Technical Support
- Glossary of Terms
- Index
Wireless LAN Array
Configuring the XS-3900 99
Other security considerations include:
z SSH versus Telnet: Be aware that Telnet is not secure over network
connections and should be used only with a direct serial port connection.
When connecting to the unit’s Command Line Interface over a network
connection, you must use a Secure SHell (SSH) utility. The most
commonly used freeware providing SSH tools is PuTTY.
z Configuration auditing: The optional Xirrus Wireless Management
System (XM-3300) offers powerful management features for small or
large XS-3900 deployments, and can audit your configuration settings
automatically. In addition, using the XM-3300 eliminates the need for an
FTP server.
z Choosing an encryption method: Wireless data encryption prevents
eavesdropping on data being transmitted or received over the airwaves.
The XS-3900 allows you to establish the following data encryption
configuration options:
z Open—this option offers no data encryption and is not
recommended, though you might choose this option if clients are
required to use a VPN connection through a secure SSH utility,
like PuTTy.
z WEP (Wired Equivalent Privacy)—this option provides minimal
protection (though much better than using an open network). An
early standard for wireless data encryption and supported by all
Wi-Fi certified equipment, WEP is vulnerable to hacking and is
therefore not recommended for use by Enterprise networks.
z WPA (Wi-Fi Protected Access)—this is a much stronger
encryption model than WEP and uses TKIP (Temporal Key
Integrity Protocol) with AES (Advanced Encryption Standard) to
prevent WEP cracks.
TKIP solves security issues with WEP. It also allows you to
establish encryption keys on a per-user-basis, with key rotation
for added security. In addition, TKIP provides Message Integrity
Check (MIC) functionality and prevents active attacks on the
wireless network.