Configuring access point security, In this chapter, Chapter 6 – Brocade Mobility 7131 Access Point Product Reference Guide (Supporting software release 4.4.0.0 and later) User Manual

Brocade Mobility 7131 Access Point Product Reference Guide

189

53-1002517-01

Chapter

6

Configuring Access Point Security

In this chapter

•

Configuring Security Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190

•

Setting Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190

•

Enabling Authentication and Encryption Schemes . . . . . . . . . . . . . . . . . . . 192

•

Configuring Kerberos Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

•

Configuring 802.1x EAP Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196

•

Configuring WEP Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

•

Configuring KeyGuard Encryption. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

•

Configuring WPA/WPA2 Using TKIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

•

Configuring WPA2-CCMP (802.11i) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

•

Configuring Multi Cipher Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208

•

Configuring Firewall Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

•

Configuring VPN Tunnels. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

•

Configuring Content Filtering Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231

•

Configuring Rogue AP Detection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234

•

Configuring User Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240

Security measures for the Mobility 7131 Access Point and its WLANs are critical. Use the available
Mobility 7131 Access Point security options to protect the Mobility 7131 Access Point LAN from
wireless vulnerabilities, and safeguard the transmission of RF packets between the Mobility 7131
Access Point and its associated MUs.

WLAN security can be configured on an ESS by ESS basis on the Mobility 7131 Access Point.
Sixteen separate ESSIDs (WLANs) can be supported on an Mobility 7131 Access Point, and must be
managed (if necessary) between the 802.11a/n and 802.11b/g/n radio. The user has the
capability of configuring separate security policies for each WLAN. Each security policy can be
configured based on the authentication (Kerberos, 802.1x EAP) or encryption (WEP, KeyGuard,
WPA/TKIP or WPA2/CCMP) scheme best suited to the coverage area that security policy supports.

The Mobility 7131 Access Point can also create VPN tunnels to securely route traffic through a
IPSEC tunnel and block transmissions with devices interpreted as Rogue APs.

NOTE

Security for the Mobility 7131 Access Point can be configured in various locations throughout the
Mobility 7131 Access Point menu structure. This chapter outlines the security options available to
the Mobility 7131 Access Point, and the menu locations and steps required to configure specific
security measures.