Allied Telesis AT-WA7501 User Manual
Page 172

Chapter 6: Configuring Security
172
Use an 802.1x security solution. 802.1x security provides a framework 
to authenticate user traffic to a protected wireless network. Using 
802.1x security provides secure data transmission by creating a 
secure spanning tree and dynamically rotating the WEP keys. You 
configure the access point as an authenticator. For the authentication 
server, you can either use an external RADIUS server or you can use 
the access point’s embedded authentication server (EAS). For help, 
see “Implementing an 802.1x Security Solution” on page 192.
Use Wi-Fi Protected Access (WPA) security. WPA is a strongly 
enhanced, interoperable Wi-Fi security that addresses many of the 
vulnerabilities of Wired Equivalent Privacy (WEP). For help, see 
“Configuring Wi-Fi Protected Access (WPA) Security” on page 199.
For help troubleshooting security, see “Troubleshooting Security” on 
page 255.
When You
Configure
Different SSIDs
with Different
Security Settings
You can configure each 802.11g and 802.11a radio with up to four SSIDs 
or service sets. Although each service set shares one physical radio 
configuration, you can configure each service set with a different security 
configuration. Also, you can configure each service set for a separate 
VLAN. For example, you can configure: 
primary service set for WPA/PSK.
secondary 1 service set for WPA/802.1x and VLAN 13.
secondary 2 service set for static WEP and an ACL.
secondary 3 service set for Dynamic WEP/802.1x and VLAN 150.
Note that using multiple services sets is not part of the Wi-Fi standard. 
When multiple service sets are enabled, the SSID is hidden in the 
beacons, which is similar to checking the Disallow Network Name of 'ANY' 
check box. The access point master radio only sends a beacon from the 
primary service set. However, if an end device's radio sends a probe 
request for an SSID that belongs to a secondary service set, then the 
access point radio will send a probe response from that service set. 
Many end device radios do not support using multiple service sets to 
implement a mixed security environment. The radios do not understand 
different security information coming from the beacons and probe 
responses. This means: 
if any type of security is set on the primary service set, then the 
secondary service sets should also the same type of security. 
if no security is set on the primary service set, then the secondary 
service sets cannot use any type of security. 
For example, you have an access point with an 802.11g radio. You 
configure the primary service set for WPA/PSK and you do not configure 
any security for the secondary 1 service set. An older end device with an 
