June 30, 2006
Confidential
Document Number BDTM10001-A05 Standard
BelAir100 User Guide
Wireless Security
Wireless Security
This chapter describes how you can set up security to encrypt your wireless
transmissions so that your data cannot be deciphered if it is intercepted, and to
prevent access to the network by unauthorized clients. The following topics are
covered:
• “Configuring Security for Wireless Clients” on page 59
• “Configuring Security for Backhaul Links” on page 69
• “Controlling Inter-client Communication” on page 71
• “Detecting Rogue Access Points” on page 74
For full details on radio module security configuration, see the
BelAir100 Radio
Command Line Interface Guide.
Configuring
Security for
Wireless Clients
The BelAir100 has several options for wireless authentication and data
encryption. The method that you use depends on your security needs and your
network configuration.
If multiple SSIDs are configured, each SSID can be configured with its own
security options.
The authentication options are:
• instruct the Access Point to connect to a Remote Authentication Dial In
User Service (RADIUS) server in your network that keeps a list of accepted
clients. RADIUS is a standard for user authentication.
For this option, you need a RADIUS server. Multiple BelAir100 units can
share the information from the same RADIUS server.
• use a pre-shared key. This is a simpler authentication option, but more
difficult to maintain because pre-shared keys must be distributed to all
users.
You can also create a list of accepted clients; that is, an Access Control List
(ACL). This option is best suited for small networks.
The encryption options are:
• Wired Equivalent Privacy (WEP). This is a basic encryption scheme.
• Temporal Key Integrity Protocol (TKIP). This is an more advanced
encryption scheme.
• Advance Encryption Standard (AES). This is the strongest encryption
scheme.