90
Performing Advanced Configuration
Configuring Security Profiles
Security policies can be configured and applied on the AP as a whole, or on a per VLAN basis. When VLAN is disabled
on the AP, the user can configure a security profile for each interface of the AP. When VLANs are enabled and
Security per SSID is enabled, the user can configure a security profile for each VLAN.
The user defines a security policy by specifying one or more values for the following parameters:
• Wireless STA types (WPA station, 802.11i station, 802.1x station, WEP station) that can associate to the AP.
• Authentication mechanisms (802.1x, RADIUS MAC authentication) that are used to authenticate clients for each
type of station.
• Cipher Suites (CCMP, TKIP, WEP) used for encapsulating the wireless data for each type of station.
Up to 16 security profiles can be configured per wireless interface.
1. Click Configure -> SSID/VLAN/Security -> Security Profile.
Figure 4-26 Security Profile Sub-tab
2. Click Add in the Security Profile Table to create a new entry. To modify an existing profile, select the profile and
click Edit. To delete an existing profile, select the profile and click Delete. You cannot delete a Security Profile
used in an SSID. Also, the first Security Profile (index 1.1 to 1.7) cannot be deleted.
3. Configure one or more types of wireless stations (security modes) that are allowed access to the AP under the
security profile. The WEP/PSK parameters are separately configurable for each security mode. To enable a
security mode in the profile (Non Secure Station, WEP Station, 802.1x Station, WPA Station, WPA-PSK Station,
802.11i Station, 802.11i-PSK Station), check the box next to the mode. See Figure 4-27 on page 92.
If the security mode selected in a profile is WEP, WPA-PSK, or 802.11i-PSK, then you must configure the WEP or
Pre-Shared Keys.
4. Configure the parameters as follows for each enabled security mode. Refer to Figure 4-27 on page 92.
• Non Secure Station:
• Authentication Mode: None. The AP allows access to Stations without authentication.
• Non secure station should be used only with WEP or 802.1x security mode.
• Cipher: None
• WEP Station:
• Authentication Mode: None
• Cipher: WEP
• Encryption Key 0, Encryption Key 1, Encryption Key 2, Encryption Key 3
• Encryption Transmit Key: select Key 0, Key 1, Key 2, or Key 3