Allied Telesis AT-WA7500 Network Card User Manual


 
Chapter 6: Configuring Security

Enabling Secure Communications Between Access Points

When you configure a radio to use 802.1x security, you automatically
enable spanning tree security, which can be used for both wired access
points and WAPs. A secure spanning tree has two functions:

1. To require authentication of any access point attempting to join the
   spanning tree.
2. To provide encryption of critical Inter-Access Point Protocol (IAPP)
   frames.

There are three authentication methods that you can use to secure the
spanning tree: SWAP, TTLS, or TLS.

When the Access Point Is the Supplicant

By default, TTLS is enabled. If you want to use TTLS, you must also enter
a user name and password. This login must match an entry in the
authentication server database. When the access point is acting as a
supplicant and the authentication server offers the TTLS protocol, the
access point sends its user name and password.

You can also enable TLS as the authentication method. You must install a
server certificate on each access point that will use this method to
authenticate to the network. When the access point is acting as a
supplicant and the authentication server offers the TLS protocol, the
access point sends its certificate credentials.

If you choose to use both TTLS and TLS, you must choose which protocol
the access point offers first, and the access point must have both a
login configured and a server certificate.

By default, Secure Wireless Authentication Protocol (SWAP) is also
enabled. The access point tells the authenticator that it can perform
SWAP. If the authenticator allows SWAP, SWAP is used. SWAP allows
access points to authenticate using an EAP-MD5 challenge. If the
supplicant or the authenticator does not allow SWAP, the authentication
must happen at the authentication server using TTLS or TLS.
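
The method selection described above, modelled as an added example (not code from the manual or from Allied Telesis): it checks each access point's settings against the stated prerequisites and reports whether a supplicant authenticates with SWAP or at the authentication server. The class and function names, the sample fleet, the TLS-off default, and the rule that the first enabled protocol the server also offers is the one used are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Supplicant:
    """Hypothetical model of one access point's supplicant settings."""
    name: str
    allow_swap: bool = True     # manual: SWAP is enabled by default
    ttls: bool = True           # manual: TTLS is enabled by default
    tls: bool = False           # assumption: TLS is off unless enabled
    offer_first: str = "TTLS"   # protocol offered first when both are enabled
    has_login: bool = False     # user name and password entered
    has_cert: bool = False      # certificate installed on this access point

def config_errors(ap):
    """Prerequisites from the manual that this access point does not meet."""
    errors = []
    if ap.ttls and not ap.has_login:
        errors.append("TTLS enabled but no user name/password")
    if ap.tls and not ap.has_cert:
        errors.append("TLS enabled but no certificate installed")
    return errors

def negotiate(ap, authenticator_allows_swap, server_offers):
    """Return the method used, or None if no method can be agreed."""
    if ap.allow_swap and authenticator_allows_swap:
        return "SWAP"  # EAP-MD5 challenge handled by the authenticator AP
    enabled = [m for m, on in (("TTLS", ap.ttls), ("TLS", ap.tls)) if on]
    enabled.sort(key=lambda m: m != ap.offer_first)  # preferred protocol first
    return next((m for m in enabled if m in server_offers), None)

def audit(fleet, authenticator_allows_swap, server_offers):
    """Map each access point name to (negotiated method, config errors)."""
    return {ap.name: (negotiate(ap, authenticator_allows_swap, server_offers),
                      config_errors(ap)) for ap in fleet}

# Constructed sample fleet; names and settings are illustrative only.
FLEET = [
    Supplicant("ap-default", has_login=True),
    Supplicant("ap-tls-only", allow_swap=False, ttls=False, tls=True,
               offer_first="TLS", has_cert=True),
    Supplicant("ap-both", allow_swap=False, tls=True, offer_first="TLS",
               has_login=True),  # TLS enabled but certificate missing
]

if __name__ == "__main__":
    for allow in (True, False):
        print("authenticator Allow SWAP =", allow)
        for name, (method, errs) in audit(FLEET, allow, {"TTLS", "TLS"}).items():
            print(f"  {name}: {method} {errs}")
```
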

When the Access Point Is the Authenticator

If the Allow SWAP check box is cleared, the access point that is acting as
the authenticator will not perform any authentications using SWAP.
Supplicants will need to authenticate with the authentication server using
TTLS or TLS.

However, older access points do not support these authentication
methods. If the Allow SWAP check box is checked, the access point that is
acting as the authenticator will authenticate any supplicants that offer