June 30, 2006
Confidential
Document Number BDTM10001-A05 Standard
BelAir100 User Guide
Wireless Security
• semicolon (;)
• question mark (?)
• double quotation mark (“)
You can also use WPA2 with a RADIUS server by specifying
eap
instead of a
pre-shared key. In this case, at least one RADIUS server must be
pre-configured.
The
ssid_index
parameter must be a valid SSID index. The default value is 1.
Example
/# cd radio
/radio# show arm1 wpa2
wpa2 authen : eap
wpa2 psk key : undef
state : enabled
Additional Considerations
Make sure to set an access radio SSID other than the default before enabling
WPA2. The BelAir100 unit combines the password phrase with your network’s
SSID to create the WPA2 key.
Wireless Client Access
Control List
You should only use this option as an extra security measure if:
• you cannot or prefer not to set up a RADIUS server
• your network provides access to network clients which do not support
802.1X/WPA authentication
In both cases, it is recommended that you enable pre-shared key encryption
(WEP, WPA1 or WPA2).
show arm<n> acl [ssidx <ssid_index>]
add arm<n> acl mac-addr <mac-address> [ssidx <ssid_index>]
del arm<n> acl mac-addr <mac-address> [ssidx <ssid_index>]
set arm<n> acl {enabled|disabled} [ssidx <ssid_index>]
These commands let you manage the current access control list.
You can create a local list of clients (an ACL) that have access to the network.
All other clients are denied access. Clients are identified by the MAC address of
their network card. If you have multiple BelAir100 units in your network, you
need to create this list for every Access Point.