User's Manual
Table Of Contents
- XS-3900 User’s Guide
- Front Matter
- Table of Contents
- List of Figures
- Introduction
- Installing the XS-3900
- Installation Prerequisites
- Planning Your Installation
- Installation Workflow
- Unpacking the XS-3900
- Installing the XS-3900
- Powering Up the XS-3900
- Establishing Communication with the Array
- Performing the Express Setup Procedure
- The Web Management Interface
- Configuring the XS-3900
- Logging In
- Making Configuration Changes to the XS-3900
- Array Status
- Express Setup
- Network Interfaces
- IAP Interfaces
- SSID Management
- Security
- Users
- Services
- Software
- Tools
- Event Log
- The Command Line Interface
- Establishing a Secure Shell (SSH) Connection
- Basic Commands
- Command Modes
- Selecting Interfaces
- Command Line Keywords
- Interface Selection
- Interface Configuration
- Radio Configuration
- Beacon Information
- System Administration
- System Testing
- Security
- Station Timeouts
- SSID Configuration
- DNS Configuration
- NTP Configuration
- DHCP Configuration
- Syslog Configuration
- SNMP Configuration
- Filters
- Radius Configuration
- Reports
- Data Handling
- Data Clearance
- Show Information
- Remove Configuration
- Help
- Appendix A: Quick Reference Guide
- Appendix B: Technical Support
- Glossary of Terms
- Index
Wireless LAN Array
32 Installing the XS-3900
z Wi-Fi Protected Access 2
This is government-grade encryption—available on most new client
adapters—and uses the AES–CCM encryption mode (Advanced
Encryption Standard–Counter Mode).
Authentication
Authentication ensures users are who they say they are, and occurs when users
attempt to join the wireless network and periodically there after. The following
authentication methods are available with the XS-3900:
z RADIUS 802.1x
802.1x uses a remote RADIUS server to authenticate large numbers of
clients, and can handle different authentication methods (EAP-TLS, EAP-
TTLS EAP-PEAP).
z Xirrus internal RADIUS server
Includes all the core functionality of a full RADIUS server built into the
Xirrus XS-3900. Recommended for smaller numbers of users (about 100
or less).
z Pre-Shared Key
Uses a pass-phrase or key that is manually distributed to all authorized
users. The same passphrase is given to client devices and entered into
each Xirrus array.
z MAC Access Control Lists (ACLs)
MAC access control lists provide a list of client adapter MAC addresses
that are allowed or denied access to the wireless network, and can be
used in addition to any of the above authentication methods. ACLs are
good for embedded devices, like printers and bar-code scanners (though
MAC addresses can be spoofed). The XS-3900 supports 512 ACL entries.