Configuring wlan security, Wlan basic configuration deployment considerations – Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
Page 407
Brocade Mobility Access Point System Reference Guide
397
53-1003100-01
6
Refer to the Other Settings field to define broadcast behavior within this specific WLAN.
Refer to the VLAN Assignment field to add or remove VLANs for the selected WLAN, and define the
number of clients permitted. Remember, users belonging to separate VLANs can share the same
WLAN. It’s not necessary to create a new WLAN for every VLAN in the network.
Select Allow RADIUS Override to allow the access point to override the client VLAN assignment and
use the VLAN assigned by a RADIUS Server instead. If, as part of the authentication process, the
RADIUS server returns a client’s
VLAN ID in a RADIUS Access-Accept packet, and this feature is enabled, all client traffic is
forwarded on that VLAN. If disabled, the RADIUS server returned VLAN ID is ignored and the VLAN
configuration (defined in the preceding step) is used.
If RADIUS authentication fails, the VLAN defined is the VLAN assigned to the WLAN.
Select OK when completed to update the WLAN’s basic configuration. Select Reset to revert the
screen back to the last saved configuration.
WLAN Basic Configuration Deployment Considerations
Before defining a WLAN’s basic configuration, refer to the following deployment guidelines to
ensure the configuration is optimally effective:
•
Deploy separate VLAN for providing secure WLAN access.
•
Define separate VLAN for each WLAN providing guest access.
Configuring WLAN Security
Assign WLANs unique security configurations supporting authentication, captive portal (hotspot),
self registration or encryption schemes as data protection requirements dictate.
Bridging Mode
Use the drop-down menu to specify the WLAN’s bridging mode as either Local or Tunnel.
Select Local to bridge VLAN traffic locally, or Tunnel to use a shared tunnel for bridging the
WLAN’s VLAN traffic. Local is the default setting.
DHCP Option 82
Select this option to enable DHCP Option 82. DHCP option 82 provides additional
information on the physical attachment of a client This setting is disabled by default
Broadcast SSID
Select this radio button to broadcast SSIDs within beacons. If a hacker tries to isolate and
hack a client SSID via a client, the ESSID displays since the ESSID is in the beacon. This
feature is enabled by default.
Answer Broadcast Probes
Select this radio button to associate a client with a blank SSID (regardless of which SSID
the wireless controller is currently using). This feature is enabled by default.
Single VLAN
Select this radio button to assign just one VLAN to this WLAN. Enter the VLAN ID that
displays when the Single VLAN radio button is selected. Utilizing a single VLAN per WLAN
is a more typical deployment scenario than using a VLAN pool.