beautypg.com

Allied Telesis AT-WA7501 User Manual

Page 175

background image

AT-WA7500 and AT-WA7501 Installation and User’s Guide

175

When You

Specify the

Security Options

for Multiple

SSIDs per Radio

As described in “About the Radios” on page 100, you can configure each
802.11g and 802.11a radio with up to four SSIDs, creating up to four
service sets per radio. Although each service set shares one physical
radio configuration, it may have a completely different security
configuration. Also, you can configure each service set for a separate
VLAN, as described on page 144.

For example, you can configure:

ˆ

primary service set for WPA/PSK.

ˆ

secondary 1 service set for WPA + 802.1x and VLAN 13.

ˆ

secondary 2 service set for static WEP and an ACL.

ˆ

secondary 3 service set for Dynamic WEP/802.1x and VLAN 150.

Most clients do not support a mixed security environment using multiple
SSIDs, which means:

ˆ

if any type of security is set on the primary service set, then the
secondary service sets should also use some type of security.

ˆ

if no security is set on the primary service set, then the secondary
service sets cannot use any type of security.

For example, on an access point with an 802.11a radio, you configure the
primary service set for WPA/PSK, and you do not configure any security
for the secondary 1 service set. An end device with an 802.11a radio is
configured with no security and is expected to associate with the
secondary 1 service set. However, because the end device recognizes
that it does not have any security enabled, when it receives the beacon
from the access point, which indicates that some type of security is being
used, the end device does not try to associate with the access point.

Note

The newer 802.11g radios available in newer end devices should
work properly in a mixed security environment. For help, contact
your local Allied Telesyn representative.

Another important consideration is that the service set that has wireless
hops enabled should have the strongest security configuration possible for
your environment. Do not enable wireless hops on the port that has no
security. The security concern is that wireless access points (WAPs)
configured on the other service sets will hear the unencrypted hellos on
the wireless hop port and those WAPs will attach, even though they should
not.

This manual is related to the following products:
See also other documents in the category Allied Telesis Computer hardware: