Advanced Configuration
Security
The AP provides several security features to protect your network from unauthorized access.
• Authentication and Encryption Modes
• Rogue Access Point Detection (RAD)
Authentication and Encryption Modes
The AP supports the following security features:
• WEP Encryption: The original encryption technique specified by the IEEE 802.11 standard.
• 802.1x Authentication: An IEEE standard for client authentication.
• : A new standard that provides improved encryption security over WEP.
WEP Encryption
The IEEE 802.11 standards specify an optional encryption feature, known as Wired Equivalent Privacy or WEP, that is
designed to provide a wireless LAN with a security level equal to what is found on a wired Ethernet network. WEP
encrypts the data portion of each packet exchanged on an 802.11 network using an Encryption Key (also known as a
WEP Key).
When Encryption is enabled, two 802.11 devices must have the same Encryption Keys and both devices must be
configured to use Encryption in order to communicate. If one device is configured to use Encryption but a second
device is not, then the two devices will not communicate, even if both devices have the same Encryption Keys.
• An 802.11b AP supports 64-bit and 128-bit encryption:
  – For 64-bit encryption, an encryption key is 10 hexadecimal characters (0-9 and A-F) or 5 ASCII characters (see
  – For 128-bit encryption, an encryption key is 26 hexadecimal characters or 13 ASCII characters.
• An 802.11a or 802.11b/g AP supports 64-bit, 128-bit, and 152-bit encryption:
  – For 64-bit encryption, an encryption key is 10 hexadecimal characters (0-9 and A-F) or 5 ASCII characters (see
  – For 128-bit encryption, an encryption key is 26 hexadecimal characters or 13 ASCII characters.
  – For 152-bit encryption, an encryption key is 32 hexadecimal characters or 16 ASCII characters.
NOTE
64-bit encryption is sometimes referred to as 40-bit encryption; 128-bit encryption is sometimes referred to as
104-bit encryption.
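The key formats and per-radio encryption levels listed above, written as a configuration check. This is an added example, not code from the manual or the AP vendor. The 24-bit initialization vector that explains the 64/40 and 128/104 naming in the note is a property of WEP itself and is not stated on this page; the function names and sample keys are constructed for illustration.

```python
import string

IV_BITS = 24  # per-packet WEP initialization vector (802.11 fact, not from this page)

# Nominal key size -> (hex characters, ASCII characters), as listed above
KEY_FORMATS = {64: (10, 5), 128: (26, 13), 152: (32, 16)}

# Encryption levels each AP radio type supports, as listed above
RADIO_LEVELS = {
    "802.11b": {64, 128},
    "802.11a": {64, 128, 152},
    "802.11b/g": {64, 128, 152},
}


def parse_wep_key(key):
    """Return (nominal_bits, secret_bits, raw_bytes) or raise ValueError."""
    for nominal, (hex_len, ascii_len) in KEY_FORMATS.items():
        if len(key) == hex_len:
            # Assumption: lowercase a-f is accepted as well as A-F.
            if not all(c in string.hexdigits for c in key):
                raise ValueError(f"{hex_len}-character key must be hexadecimal")
            raw = bytes.fromhex(key)
        elif len(key) == ascii_len:
            if not key.isascii():
                raise ValueError(f"{ascii_len}-character key must be ASCII")
            raw = key.encode("ascii")
        else:
            continue
        secret_bits = len(raw) * 8
        return nominal, secret_bits, raw
    raise ValueError(f"{len(key)} characters matches no WEP key format")


def check_key(radio, key):
    """Validate a key against the levels the given radio type supports."""
    nominal, secret_bits, _ = parse_wep_key(key)
    if nominal not in RADIO_LEVELS[radio]:
        raise ValueError(f"{radio} AP does not support {nominal}-bit encryption")
    # The nominal size counts the IV; the configured secret is 24 bits shorter.
    return {"nominal_bits": nominal, "secret_bits": secret_bits,
            "iv_bits": nominal - secret_bits}


if __name__ == "__main__":
    # Constructed sample keys, not real credentials.
    for radio, key in [("802.11b", "0123456789"), ("802.11b/g", "thirteenchars"),
                       ("802.11b", "sixteen-char-key")]:
        try:
            print(radio, repr(key), check_key(radio, key))
        except ValueError as err:
            print(radio, repr(key), "REJECTED:", err)
```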
802.1x Authentication
IEEE 802.1x is a standard that provides a means to authenticate and authorize network devices attached to a LAN
port. A port in the context of IEEE 802.1x is a point of attachment to the LAN, either a physical Ethernet connection or
a wireless link to an Access Point. 802.1x requires a RADIUS server and uses the Extensible Authentication Protocol
(EAP) as a standards-based authentication framework, and supports automatic key distribution for enhanced security.
The EAP-based authentication framework can easily be upgraded to keep pace with future EAP types.
Popular EAP types include:
• EAP-Message Digest 5 (MD5): Username/Password-based authentication; does not support automatic key distribution
• EAP-Transport Layer Security (TLS): Certificate-based authentication (a certificate is required on the server and each client); supports automatic key distribution
• EAP-Tunneled Transport Layer Security (TTLS): Certificate-based authentication (a certificate is required on the server; a client’s username/password is tunneled to the server over a secure connection); supports automatic key distribution
• PEAP - Protected EAP with MS-CHAP v2: Secure username/password-based authentication; supports automatic key distribution
Different servers support different EAP types and each EAP type provides different features. Refer to the
documentation that came with your RADIUS server to determine which EAP types it supports.