Configuring access point security, Chapter 6, Configuring – Brocade Mobility 5181 Access Point Product Reference Guide (Supporting software release 4.4.0.0) User Manual

Brocade Mobility 5181 Access Point Product Reference Guide

131

53-1002516-01

Chapter

6

Configuring Access Point Security

In this chapter

•

Configuring security options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

•

Setting passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

•

Enabling authentication and encryption schemes . . . . . . . . . . . . . . . . . . . 134

•

Configuring Kerberos authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

•

Configuring 802.1x EAP authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

•

Configuring WEP encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

•

Configuring KeyGuard encryption. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

•

Configuring WPA/WPA2 using TKIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

•

Configuring WPA2-CCMP (802.11i) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

•

Configuring firewall settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

•

Configuring VPN tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

•

Configuring content filtering settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

•

Configuring rogue AP detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

•

Configuring user authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167

Security measures for the Mobility 5181 Access Point and its WLANs are critical. Use the available
Mobility 5181 Access Point security options to protect the Mobility 5181 Access Point LAN from
wireless vulnerabilities, and safeguard the transmission of RF packets between the Mobility 5181
Access Point and its associated Clients.

WLAN security can be configured on an ESS by ESS basis on the Mobility 5181 Access Point.
Sixteen separate ESSIDs (WLANs) can be supported on an Mobility 5181 Access Point, and must
be managed (if necessary) between the 802.11a and 802.11b/g radio. The user has the capability
of configuring separate security policies for each WLAN. Each security policy can be configured
based on the authentication (Kerberos, 802.1x EAP) or encryption (WEP, KeyGuard, WPA/TKIP or
WPA2/CCMP) scheme best suited to the coverage area that security policy supports.

The Mobility 5181 Access Point can also create VPN tunnels to securely route traffic through a
IPSEC tunnel and block transmissions with devices interpreted as Rogue APs.

NOTE

Security for the Mobility 5181 Access Point can be configured in various locations throughout the
Mobility 5181 Access Point menu structure. This chapter outlines the security options available to
the Mobility 5181 Access Point, and the menu locations and steps required to configure specific
security measures.