Configuring Virtual Access Point Security 43
4 Configuring Access Point Security
Additionally, this mode incorporates a RADIUS server for user authentication which makes
WPA Enterprise more secure than WPA Personal mode.
Use the following guidelines for choosing options within the WPA Enterprise mode security
mode:
1. Currently, the best security you can have on a wireless network is WPA Enterprise mode
using AES-CCMP encryption algorithm. AES is a symmetric 128-bit block data
encryption technique that works on multiple layers of the network. It is the most effective
encryption system currently available for wireless networks. If all clients or other APs on
the network are WPA/CCMP compatible, use this encryption algorithm. (If all clients are
WPA2 compatible, choose to support only WPA2 clients.)
2. The second best choice is WPA Enterprise with the encryption algorithm set to both TKIP
and CCMP. This lets WPA client stations without CCMP associate, uses TKIP for
encrypting
Multicast
and
Broadcast
frames, and allows clients to select whether to use
CCMP or TKIP for
Unicast
(AP-to-single-station) frames. This WPA configuration allows
more interoperability, at the expense of some security. Client stations that support CCMP
can use it for their
Unicast
frames. If you encounter AP-to-station interoperability
problems with the “Both” encryption algorithm setting, then you will need to select TKIP
instead. (See next bullet.)
3. The third best choice is WPA Enterprise with the encryption algorithm set to
TKIP
. Some
clients have interoperability issues with CCMP and TKIP enabled at same time. If you
encounter this problem, then choose TKIP as the encryption algorithm. This is the
standard WPA mode and is usually interoperable with client Wireless software security
features.
Enabling Station Isolation
When Station Isolation is enabled, the access point blocks communication between wireless
clients associated with the same radio on the access point. The access point still allows data
traffic between its wireless clients and wired devices on the network, but not among wireless
clients. You enable station isolation on the Wireless settings page. For more information, see
“Setting the Wireless Interface”
on page 55.
Configuring Virtual Access Point Security
You configure secure wireless client access by configuring security for each virtual access
point (VAP) that you enable. You can configure up to eight VAPs per radio that simulate
multiple APs in one physical access point. By default, only one VAP is enabled. For each VAP,
you can configure a unique security mode to control wireless client access.
VAPs segment the wireless LAN into multiple broadcast domains and are the wireless
equivalent of Ethernet VLANs. You can configure each VAP with a unique SSIDs so that each
VAP represents a different wireless network for clients to access. By configuring VAPs, you
can maintain better control over broadcast and multicast traffic, which affects network
performance.
Содержание DWL-3500AP
Страница 2: ...2 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access Point Administrator s Guide...
Страница 6: ...6 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access Point Administrator s Guide...
Страница 8: ...8 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access Point Administrator s Guide...
Страница 14: ...14 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access Point Administrator s Guide...
Страница 24: ...24 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access Point Administrator s Guide...
Страница 38: ...38 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access Point Administrator s Guide...
Страница 90: ...90 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access Point Administrator s Guide...
Страница 124: ...124 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access Point Administrator s Guide...