Filter
Top Products
Chapter 6: Configuring Security
172
Use an 802.1x security solution. 802.1x security provides a framework
to authenticate user traffic to a protected wireless network. Using
802.1x security provides secure data transmission by creating a
secure spanning tree and dynamically rotating the WEP keys. You
configure the access point as an authenticator. For the authentication
server, you can either use an external RADIUS server or you can use
the access point’s embedded authentication server (EAS). For help,
see “Implementing an 802.1x Security Solution” on page 192.
Use Wi-Fi Protected Access (WPA) security. WPA is a strongly
enhanced, interoperable Wi-Fi security that addresses many of the
vulnerabilities of Wired Equivalent Privacy (WEP). For help, see
“Configuring Wi-Fi Protected Access (WPA) Security” on page 199.
For help troubleshooting security, see “Troubleshooting Security” on
page 255.
When You
Configure
Different SSIDs
with Different
Security Settings
You can configure each 802.11g and 802.11a radio with up to four SSIDs
or service sets. Although each service set shares one physical radio
configuration, you can configure each service set with a different security
configuration. Also, you can configure each service set for a separate
VLAN. For example, you can configure:
primary service set for WPA/PSK.
secondary 1 service set for WPA/802.1x and VLAN 13.
secondary 2 service set for static WEP and an ACL.
secondary 3 service set for Dynamic WEP/802.1x and VLAN 150.
Note that using multiple services sets is not part of the Wi-Fi standard.
When multiple service sets are enabled, the SSID is hidden in the
beacons, which is similar to checking the Disallow Network Name of 'ANY'
check box. The access point master radio only sends a beacon from the
primary service set. However, if an end device's radio sends a probe
request for an SSID that belongs to a secondary service set, then the
access point radio will send a probe response from that service set.
Many end device radios do not support using multiple service sets to
implement a mixed security environment. The radios do not understand
different security information coming from the beacons and probe
responses. This means:
if any type of security is set on the primary service set, then the
secondary service sets should also the same type of security.
if no security is set on the primary service set, then the secondary
service sets cannot use any type of security.
For example, you have an access point with an 802.11g radio. You
configure the primary service set for WPA/PSK and you do not configure
any security for the secondary 1 service set. An older end device with an