LANCOM OAP-54 Wireless and LANCOM OAP-310agn Wireless
Chapter 4: Security settings
third-party products is assured as LEPS only involves configuration in the
access point.
An additional security aspect: LEPS can also be used to secure single point-to-point (P2P) connections with an individual passphrase. Even if an access point in a P2P installation is stolen and the passphrase and MAC address become known, all other WLAN connections secured by LEPS remain protected, particularly when the ACL is stored on a RADIUS server.
Guest access with LEPS: LEPS can also be set up to allow access to guests. To this end, all users of the internal WLAN network are given individual passphrases. Guests can make use of their own dedicated SSID and a global passphrase. To avoid abuse, this global passphrase can be changed on a regular basis, for example every few days.
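The following Python sketch models the LEPS behaviour described above: one passphrase per MAC address on the internal SSID, and a rotating global passphrase on the guest SSID. It is an added example, not LANCOM code. The class, the SSIDs, the MAC addresses and the passphrases are constructed for illustration, and only the WPA-PSK key derivation (PBKDF2-HMAC-SHA1) is standard.

```python
import hashlib
import hmac

# Constructed sample values; not taken from any real installation.
INTERNAL_SSID = "corp-wlan"
GUEST_SSID = "corp-guest"

def norm_mac(mac):
    """Normalise a MAC address to 12 lowercase hex digits."""
    digits = mac.lower().replace(":", "").replace("-", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("not a MAC address: %r" % mac)
    return digits

def wpa_pmk(passphrase, ssid):
    """WPA/WPA2-PSK key derivation: PBKDF2-HMAC-SHA1, 4096 rounds, 256 bits."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

class LepsModel:
    """Hypothetical model of an ACL that binds one passphrase to each MAC."""
    def __init__(self, guest_passphrase):
        self.acl = {}                      # normalised MAC -> passphrase
        self.guest_passphrase = guest_passphrase

    def add_station(self, mac, passphrase):
        self.acl[norm_mac(mac)] = passphrase

    def revoke_station(self, mac):
        self.acl.pop(norm_mac(mac), None)  # other entries stay untouched

    def rotate_guest(self, new_passphrase):
        self.guest_passphrase = new_passphrase

    def expected_pmk(self, ssid, mac):
        """Key expected from this station on this SSID, or None if not allowed."""
        if ssid == GUEST_SSID:
            return wpa_pmk(self.guest_passphrase, GUEST_SSID)
        passphrase = self.acl.get(norm_mac(mac)) if ssid == INTERNAL_SSID else None
        return wpa_pmk(passphrase, ssid) if passphrase else None

    def admits(self, ssid, mac, offered_passphrase):
        # Simplification: a real handshake proves key knowledge, it never sends it.
        expected = self.expected_pmk(ssid, mac)
        return expected is not None and hmac.compare_digest(expected, wpa_pmk(offered_passphrase, ssid))

if __name__ == "__main__":
    ap = LepsModel("guest-week-01")
    ap.add_station("02:00:00:00:00:01", "alpha-passphrase-1")
    # False: the passphrase is bound to a different MAC address
    print(ap.admits(INTERNAL_SSID, "02:00:00:00:00:02", "alpha-passphrase-1"))
```
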
4.1.4 Access control by MAC address
Every network device has a unique identification number. This identification number is known as the MAC address (Media Access Control) and it is unique worldwide.
The MAC address is programmed into the hardware. Wireless LAN devices from LANCOM Systems display their MAC address on the housing.
Access to an infrastructure network can be limited to certain wireless LAN devices by defining MAC addresses. The access points have filter lists (ACL – access control list) for storing authorized MAC addresses.
4.1.5 IPSec over WLAN
Used in addition to the security measures already described, IPSec-over-WLAN technology can optimally secure a wireless network for the exchange of especially sensitive data. This requires a base station with VPN support and the LANCOM Advanced VPN Client, which operates under Windows 2000, XP and Windows Vista™. Client software from third parties is available for other operating systems.