2. Specify the name of the MAC ACL file on the TFTP server in the MAC ACL file name text box.
3. Click Download.
3.5.2.2. LAN-to-LAN Bridge Interface
Fig. 55. IEEE 802.11g security settings for a LAN-to-LAN bridge interface.
Data transmitted over the bridge links can be encrypted by WEP (Wired Equivalent Privacy). Therefore, there are 3 security modes:
Open System. No data encryption.
Static WEP. WEP (Wired Equivalent Privacy) keys must be manually configured.
When Static WEP is chosen as the security mode, the Key length can be specified to be 64 Bits or 128 Bits. The Selected key setting specifies the key to be used as a send-key for encrypting outgoing WDS traffic. All 4 WEP keys are used as receive-keys to decrypt incoming WDS traffic.
NOTE: Each field of a WEP key setting is a hexadecimal number from 00 to FF. For example, when the security mode is Static WEP and the key length is 64 Bits, you could set Key 1 to “00012E3ADF”.
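The following check is an added example, not part of the original manual or the access point's firmware. It validates the hexadecimal key fields and confirms that each end's Selected key matches the key stored in the same slot on the other end of the bridge. It assumes the standard WEP sizes (10 hex digits for 64 Bits, 26 for 128 Bits) and that the receiver decrypts with the key slot named in the frame; `BridgeWep`, `parse_wep_key` and `link_problems` are hypothetical names.

```python
import string

# Standard WEP sizes: the nominal key length includes a 24-bit IV, so the
# configured secret is 40 bits (10 hex digits) or 104 bits (26 hex digits).
HEX_DIGITS = {64: 10, 128: 26}

# Constructed sample settings; Key 1 of each end is the manual's example value.
KEYS_A = ["00012E3ADF", "1111111111", "2222222222", "3333333333"]
KEYS_B = ["00012E3ADF", "1111111111", "AAAAAAAAAA", "3333333333"]


def parse_wep_key(text, key_length_bits):
    """Return the key as bytes, or raise ValueError if it is malformed."""
    if key_length_bits not in HEX_DIGITS:
        raise ValueError("Key length must be 64 or 128 bits")
    expected = HEX_DIGITS[key_length_bits]
    if len(text) != expected or any(c not in string.hexdigits for c in text):
        raise ValueError(f"{key_length_bits}-bit key needs {expected} hex digits")
    return bytes.fromhex(text)


class BridgeWep:
    """Hypothetical model of one bridge end: four keys plus the Selected key."""

    def __init__(self, key_length_bits, keys, selected_key):
        if len(keys) != 4 or selected_key not in (1, 2, 3, 4):
            raise ValueError("need exactly 4 keys and a Selected key of 1-4")
        self.keys = [parse_wep_key(k, key_length_bits) for k in keys]
        self.selected = selected_key

    def send_key(self):
        """The key used to encrypt outgoing WDS traffic."""
        return self.keys[self.selected - 1]


def link_problems(a, b):
    """List reasons why WDS traffic between ends a and b would not decrypt."""
    problems = []
    for name, tx, rx in (("A->B", a, b), ("B->A", b, a)):
        # Assumption: the receiver decrypts with the key in the slot named by
        # the frame's WEP key ID, i.e. the sender's Selected key slot.
        if rx.keys[tx.selected - 1] != tx.send_key():
            problems.append(f"{name}: key {tx.selected} differs between ends")
    return problems
```

The two ends may use different Selected key values, provided every slot used for sending holds the same key on both sides.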
3.5.3. IEEE 802.1x/RADIUS
IEEE 802.1x Port-Based Network Access Control is a new standard for solving some security issues associated with IEEE 802.11, such as lack of user-based authentication and dynamic encryption key distribution. With IEEE 802.1x and the help of a RADIUS (Remote Authentication Dial-In User Service) server and a user account database, an enterprise or ISP (Internet Service Provider) can manage its mobile users' access to its wireless LANs. Before being granted access to a wireless LAN supporting IEEE 802.1x, a user has to issue his or her user name and password or digital certificate to the backend RADIUS server by EAPOL (Extensible Authentication Protocol Over LAN). The RADIUS server can record accounting information, such as when a user logs on to and logs off from the wireless LAN, for monitoring or billing purposes.
The IEEE 802.1x functionality of the advanced wireless access point is controlled by the security mode (see Section 3.5.2.1). So far, the wireless access point supports two authentication mechanisms—EAP-MD5 (Message Digest version 5) and EAP-TLS (Transport Layer Security). If EAP-MD5 is used, the user has to give his or her user name and password for authentication. If EAP-TLS is used, the wireless client computer automatically gives the user’s digital certificate that is stored on the computer's hard disk or a smart card for authentication. And after a successful EAP-TLS authentication, a session key is automatically generated for wireless packet encryption between the