BelAir100SN User Guide
Wi-Fi AP Security
May 31, 2010
Confidential
Document Number BDTM11001-A01 Released
If multiple SSIDs are configured, each SSID can be configured with its own
security options.
The authentication options are:
• instruct the AP to connect to a Remote Authentication Dial In User Service
(RADIUS) server in your network that keeps a list of accepted clients.
RADIUS is a standard for user authentication. For this option, you need a
RADIUS server. Multiple BelAir100SN units can share the information from
the same RADIUS server.
• use a pre-shared key. This is a simpler authentication option, but more
difficult to maintain because pre-shared keys must be distributed to all users.
You can also create a list of accepted clients; that is, an Access Control List
(ACL). This option is best suited for small networks.
The encryption options are:
• Wired Equivalent Privacy (WEP). This is a basic encryption scheme.
• Temporal Key Integrity Protocol (TKIP). This is an more advanced
encryption scheme.
• Advance Encryption Standard (AES). This is the strongest encryption
scheme.
BelAir Wi-Fi radios offer WEP, WPA, WPA2 and WPA2mixed privacy settings.
With WPA2mixed, the wireless client can use WPA or WPA2, and the AP
accepts them both. WPA, WPA2 and WPA2mixed privacy uses TKIP or AES
encryption. Because of this, WPA, WPA2 and WPA2mixed provide much
stronger security than WEP. For small networks, you can use WEP or WPA
with pre-shared keys. For large networks, you can use WPA, WPA2 or
WPA2mixed in combination with dot1x (a RADIUS server) authentication.
CAUTION!
RADIUS authentication, WPA or WPA2 can only be used with wireless clients
that support these standards (both the operating system and the network card).
For clients that only support WEP, select a combination with WEP.
Note: A network is as secure as its weakest link. If WEP is enabled, the overall
level of network security will be that of WEP.
RADIUS Servers
for Wireless
Clients
To use RADIUS authentication, you need to configure at least one RADIUS
server.