beautypg.com

2 securing the wlan with radius – AASTRA SIP-DECT (Release 1.8)-Installation- and Administration Guide EN User Manual

Page 61

background image

Installation, Administration and Maintenance

Aastra

depl-0900/0.4

Page: 61 (104)

RTS Threshold

If the network throughput is low or there are many retransmissions, RTS
clearing can be activated by reducing the RTS threshold value. This can
improve throughput, especially in environments where reflection and
attenuation cause problems for HF.

Fragmentation Threshold

In environments where there is lot of interference and poor radio quality,
reducing the fragment size can improve the effective throughput. However, in
this case the transmitted frames have to be fragmented more often, which
means a higher load on the AP processor.

DTIM Period

The DTIM period specifies the interval between transmissions of the
broadcast and multicast packets. All WLAN clients must be active during this
interval. Increasing the DTIM period lowers the clients' power consumption
slightly. Not all programs can manage the increase in response times,
however.

3.3.5.2 Securing the WLAN with Radius

In order to ensure that communication in the WLAN network is secure,
several measures need to be taken. Firstly, data packets transmitted via the
openly visible radio interface must be encrypted, and secondly, all
components that form a part of the network or provide services should have
to authenticate themselves.

To accomplish this, you construct a so-called ‘AAA’ system (Authentication,
Authorisation, Accounting). The RFP L42 WLAN functions as the network
access server and a Radius server as the AAA server.

The RFP L42 WLAN functions as the network access and can forward the
Authentication to a Radius server in the network.

Encryption of the data transmitted between the RFP L42 WLAN and the
WLAN client is either by means of WPA (Wi-Fi Protected Access) with 802.1x
(Radius) or “802.1x (Radius)” which use WEP encryption . The server IP
address, IP port and common password must be entered in the Radius
profile.

A Radius Server (Remote Authentication Dial In User Service) handle 802.1x
Authentication and authorize client.

We recommend to use a Radius Server with EAP-TLS (e.g. FreeRadius or
MS Windows 2003 IAS Server) and a Certificate Authority (CA).

Your WLAN Client need to support these authentication method and must
hold relevant certificates (most WLAN clients do). A certification site is
required in order to generate the keys, which has to be made known to the
WLAN client and the Radius server.

You must enter the Radius server IP address, IP port and common secret in
the radius setting section.