Allied Telesis AT-WA7501 User Manual

Page 174

Chapter 6: Configuring Security

7. Implement one of these mutually-exclusive security solutions (on each
service set) to ensure secure communications between the access
points and wireless end devices in your network:

Use basic WEP 64/128/152 security. You can configure up to four
different WEP keys on the access point and most wireless end
devices, and then you specify which key is being used to encrypt data.
You should periodically change which WEP key these devices use.
802.11g and 802.11b radios support WEP 64/128 security, and
802.11a radios support 64/128/152 security. For help, see “Configuring
WEP 64/128/152 Security” on page 191.

Use an 802.1x security solution. 802.1x security provides a framework
to authenticate user traffic to a protected wireless network. Using
802.1x security provides secure data transmission by creating a
secure spanning tree and dynamically rotating the WEP keys. You
configure the access point as an authenticator. For the authentication
server, you can either use an external RADIUS server or you can use
the access point’s embedded authentication server (EAS). For help,
see “Implementing an 802.1x Security Solution” on page 194.

Use Wi-Fi Protected Access (WPA) security. WPA is a strongly
enhanced, interoperable Wi-Fi security standard that addresses many of
the vulnerabilities of Wired Equivalent Privacy (WEP). For help, see
“Configuring Wi-Fi Protected Access (WPA) Security” on page 201.

For help troubleshooting security, see “Troubleshooting Security” on
page 260.

When You Include Multiple RADIUS Servers on the RADIUS Server List

You can use multiple RADIUS servers to act as password servers, to
support ACLs, and to use in an 802.1x security solution. When you
configure each of these security solutions, you need to go to the RADIUS
Server List screen and enter one or more RADIUS servers.

The access point uses the first RADIUS server (Server 1) in the list as the
main server. Other servers are simply backup servers.

- If the first RADIUS server responds and the client’s information does
  not appear in that server’s database, the client is blocked. The access
  point does not check the databases on any other RADIUS servers.

- If the first RADIUS server goes down during the operation and a
  RADIUS server lookup needs to occur, the authenticator access point
  will time out looking for the first server. Then, the access point looks for
  the next server in the list. If the authenticator access point finds the
  next server, it stays with that server forever, even if the first server
  comes back. If the backup server goes down, the authenticator access
  point continues looking down the list and eventually wraps around to
  the first server again.
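
The server-selection behavior described above can be modeled as a small state machine. The following Python sketch is an added example, not code from this manual or from the access point's firmware; the class, function and server names are hypothetical, and it assumes a client is blocked once every server in the list has timed out, which the manual does not state.

```python
# Model of the RADIUS server list behaviour described above (added example;
# names are hypothetical and do not come from the access point firmware).
ACCEPT, REJECT, TIMEOUT = "accept", "reject", "timeout"

class RadiusServerList:
    def __init__(self, servers):
        self.servers = servers   # ordered list; index 0 is Server 1
        self.active = 0          # index of the server currently in use

    def authenticate(self, client, query):
        """query(server, client) returns ACCEPT, REJECT or TIMEOUT.
        Returns (decision, name of the server that answered, or None)."""
        for _ in range(len(self.servers)):
            server = self.servers[self.active]
            result = query(server, client)
            if result != TIMEOUT:
                # Any answer is final: a reject is not retried on the other
                # servers, and later lookups keep using this server.
                return result, server
            # Timed out: move down the list, wrapping to the first entry.
            self.active = (self.active + 1) % len(self.servers)
        return REJECT, None      # assumption: all servers timed out -> blocked

def make_query(databases, down):
    """Build a query function over constructed per-server user databases."""
    def query(server, client):
        if server in down:
            return TIMEOUT
        return ACCEPT if client in databases[server] else REJECT
    return query

def demo():
    # Constructed data: "bob" exists only on the backup server.
    databases = {"radius1": {"alice"}, "radius2": {"alice", "bob"}}
    down = set()
    ap = RadiusServerList(["radius1", "radius2"])
    query = make_query(databases, down)
    log = [ap.authenticate("bob", query)]        # radius1 rejects; radius2 not asked
    down.add("radius1")
    log.append(ap.authenticate("bob", query))    # radius1 times out; radius2 accepts
    down.discard("radius1")
    log.append(ap.authenticate("alice", query))  # radius1 is back; radius2 still used
    down.add("radius2")
    log.append(ap.authenticate("alice", query))  # radius2 times out; wraps to radius1
    return log

if __name__ == "__main__":
    for decision, server in demo():
        print(decision, server)
```

Because a reject from the active server is final and failover does not return to Server 1 on its own, the outcome for a given client depends on which server is active unless every server in the list holds the same user database.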
