Advanced Configuration AP-4000 Series User Guide
SSID/VLAN/Security
116
3. Place a check mark in the Enable VLAN Tagging box.
Provide Access to a Wireless Host in the Same Workgroup
The VLAN feature can allow wireless clients to manage the AP. If the VLAN Management ID matches a VLAN User ID,
then those wireless clients who are members of that VLAN will have AP management access.
CAUTION: Once a VLAN Management ID is configured and is equivalent to one of the VLAN User IDs on the AP, all
members of that User VLAN will have management access to the AP. Be careful to restrict VLAN
membership to those with legitimate access to the AP.
1. Click Configure > SSID/VLAN/Security > Mgmt VLAN.
2. Set the VLAN Management ID to use the same VLAN ID as one of the configured SSIDs.
3. Place a check mark in the Enable VLAN Tagging box.
Disable VLAN Tagging
1. Click Configure > SSID/VLAN/Security > Mgmt VLAN.
2. Remove the check mark from the Enable VLAN Tagging box (to disable all VLAN functionality) or set the VLAN
Management ID to -1 (to disable VLAN Tagging only).
NOTE: If you disable VLAN Tagging, you will be unable to configure security per SSID.
Security Profile
The AP supports the following security features:
• WEP Encryption: The original encryption technique specified by the IEEE 802.11 standard.
• 802.1x Authentication: An IEEE standard for client authentication.
• Wi-Fi Protected Access (WPA/802.11i [WPA2]): A new standard that provides improved encryption security over WEP.
NOTE: The AP does not support shared key 802.11 MAC level authentication. Clients with this MAC level feature must
disable it.
WEP Encryption
The IEEE 802.11 standards specify an optional encryption feature, known as Wired Equivalent Privacy or WEP, that is
designed to provide a wireless LAN with a security level equal to what is found on a wired Ethernet network. WEP
encrypts the data portion of each packet exchanged on an 802.11 network using an Encryption Key (also known as a
WEP Key).
When Encryption is enabled, two 802.11 devices must have the same Encryption Keys and both devices must be
configured to use Encryption in order to communicate. If one device is configured to use Encryption but a second device
is not, then the two devices will not communicate, even if both devices have the same Encryption Keys.
802.1x Authentication
IEEE 802.1x is a standard that provides a means to authenticate and authorize network devices attached to a LAN port.
A port in the context of IEEE 802.1x is a point of attachment to the LAN, either a physical Ethernet connection or a
wireless link to an Access Point. 802.1x requires a RADIUS server and uses the Extensible Authentication Protocol
(EAP) as a standards-based authentication framework, and supports automatic key distribution for enhanced security.
The EAP-based authentication framework can easily be upgraded to keep pace with future EAP types.
Popular EAP types include:
• EAP-Message Digest 5 (MD5): Username/Password-based authentication; does not support automatic key
distribution
• EAP-Transport Layer Security (TLS): Certificate-based authentication (a certificate is required on the server and each
client); supports automatic key distribution