User Security
Installation and Configuration Guide, (CQW-AP108AG)
139
User Security
Acceptable and effective solutions for user authentication depend upon the network size,
complexity, and existing authentication infrastructure.
Current user authentication standards are based on the IEEE 802.1x specification, which identifies
users and permits connectivity based upon policies established in a central server. Many
authentication servers use the Remote Authentication Dial-In User Service (RADIUS) protocol,
which enables remote access servers to communicate with the central server to authenticate users
and authorize service or system access. Within the RADIUS context, the most effective
authentication methods use versions of the Extensible Authentication Protocol (EAP) for the end-
to-end authentication of the client by the authentication server.
The 108 Mbps Wireless AP can meet all the user authentication needs for the full range of wireless
networks. (See Chapter 2, “Planning Your Installation.”) PLANEX supports several modes of
authentication, as listed in Table 11. WPA-PSK uses pre-shared keys (PSK) that is configured
directly by the administrator into the AP and network clients. Based on the network wide key, the
clients and AP receive unique session keys for each client session. This approach can be effective
for small businesses for whom strong encryption is desired but a centralized authentication
infrastructure is not available. EAP-TLS (EAP with Transport Layer Security) is a certificate-based
authentication method based on the TLS protocol. The RADIUS security services within the 108
Mbps Wireless AP provide EAP-TLS for user authentication. PLANEX also supports integration
with RADIUS servers that support EAP-TLS or EAP-PEAP.
In addition to the EAP-based authentication methods, PLANEX supports WEP-based encryption
for legacy clients. PLANEX also supports the option of no user authentication.
Data Encryption
Table 12 lists the available options for data encryption, in order of decreasing protection. The
current standard for data encryption is WPA-AES, which provides financial-grade protection. The
WEP encryption options use 64-bit or 128-bit encryption keys, assigned manually or dynamically,
as dictated by the capabilities of the client. These offer some protection against casual interlopers;
however, the WEP algorithms are vulnerable to compromise and can be difficult to maintain.
WPA-TKIP closes the major WEP loopholes and can be an acceptable alternative to standard WEP.
Table 11:
Authentication Options
Type
Description
EAP-TLS
Certificate-based authentication, used by the PLANEX security services portal
and many external RADIUS servers
EAP-PEAP
EAP-PEAP RADIUS based authentication
WPA - PSK
Authentication acceptable for small to mid-size installations, in which manual
distribution of keys is convenient and centralized management is not required
Dynamic WEP with
802.1x
Not recommended due to limitations of the WEP algorithms. If it is necessary
to use this option to support legacy equipment, make sure that a RADIUS
server configured for the SSID. The RADIUS server should be configured to
support EAP-TLS or EAP-PEAP. Note that the 108Mbps Wireless LAN PC
Card does not support dynamic WEP.
None
No user authentication
Summary of Contents for CQW-AP108AG
Page 2: ......
Page 13: ...Preface xiii Installation and Configuration Guide CQW AP108AG ...
Page 67: ...3 Using the Configuration Interfaces 54 Installation and Configuration Guide CQW AP108AG ...
Page 113: ...4 Configuring Radio Settings 100 Installation and Configuration Guide CQW AP108AG ...
Page 141: ...5 Configuring Networking Settings 128 Installation and Configuration Guide CQW AP108AG ...
Page 149: ...6 Configuring a Wireless Backhaul 136 Installation and Configuration Guide CQW AP108AG ...
Page 167: ...7 Managing Security 154 Installation and Configuration Guide CQW AP108AG ...
Page 177: ...8 Configuring Guest Access 164 Installation and Configuration Guide CQW AP108AG ...
Page 223: ...9 Managing the Network 210 Installation and Configuration Guide CQW AP108AG ...
Page 241: ...10 Maintaining the Access Point 228 Installation and Configuration Guide CQW AP108AG ...
Page 245: ...A Using the Command Line Interface 232 Installation and Configuration Guide CQW AP108AG ...
Page 247: ...B Regulatory and License Information 234 Installation and Configuration Guide CQW AP108AG ...
Page 289: ...C Alarms 276 Installation and Configuration Guide CQW AP108AG ...