User's Manual
Table Of Contents
- XS-3900 User’s Guide
- Front Matter
- Table of Contents
- List of Figures
- Introduction
- Installing the XS-3900
- Installation Prerequisites
- Planning Your Installation
- Installation Workflow
- Unpacking the XS-3900
- Installing the XS-3900
- Powering Up the XS-3900
- Establishing Communication with the Array
- Performing the Express Setup Procedure
- The Web Management Interface
- Configuring the XS-3900
- Logging In
- Making Configuration Changes to the XS-3900
- Array Status
- Express Setup
- Network Interfaces
- IAP Interfaces
- SSID Management
- Security
- Users
- Services
- Software
- Tools
- Event Log
- The Command Line Interface
- Establishing a Secure Shell (SSH) Connection
- Basic Commands
- Command Modes
- Selecting Interfaces
- Command Line Keywords
- Interface Selection
- Interface Configuration
- Radio Configuration
- Beacon Information
- System Administration
- System Testing
- Security
- Station Timeouts
- SSID Configuration
- DNS Configuration
- NTP Configuration
- DHCP Configuration
- Syslog Configuration
- SNMP Configuration
- Filters
- Radius Configuration
- Reports
- Data Handling
- Data Clearance
- Show Information
- Remove Configuration
- Help
- Appendix A: Quick Reference Guide
- Appendix B: Technical Support
- Glossary of Terms
- Index
Wireless LAN Array
100 Configuring the XS-3900
AES is the strongest encryption standard and is used by
government agencies; however, old legacy hardware may not be
capable of supporting the AES mode (it probably won’t work on
older wireless clients). Because AES is the strongest encryption
standard currently available, it is highly recommended for
Enterprise networks.
Any of the above encryption modes can be used, but only one may be
used per SSID. If multiple security methods are needed, you must define
multiple SSIDs.
z Choosing an authentication method: User authentication ensures that
users are who they say they are. For this purpose, the XS-3900 allows you
to choose between the following user authentication methods:
z Pre-Shared Key—users must manually enter a key (passphrase)
on the client side of the wireless network that matches the key
stored by the administrator in the XS-3900.
This method should be used only for smaller networks when a
RADIUS server is unavailable. If PSK must be used, choose a
strong passphrase containing at least 12 characters (20 is
preferred). Always use a combination of letters, numbers and
special characters. Never use English words separated by spaces.
z RADIUS 802.1x with EAP—802.1x uses a RADIUS server to
authenticate large numbers of clients, and can handle different
EAP (Extensible Authentication Protocol) authentication
methods, including EAP-TLS, EAP-TTLS and EAP-PEAP. The
RADIUS server can be internal (provided by the XS-3900) or
external. An external RADIUS server offers more functionality
and security, and is recommended for large deployments. When
using this method, user names and passwords must be entered
into the RADIUS server for user authentication.
The XS-3900 will accept up to 512 ACL entries.