D-Link DWL-3600AP Users Manual - Page 76
Static WEP Rules, IEEE 802.1X
View all D-Link DWL-3600AP manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 76 highlights
Unified Access Point Administrator's Guide Virtual Access Point Settings Static WEP Rules If you use Static WEP, the following rules apply: • All client stations must have the Wireless LAN (WLAN) security set to WEP, and all clients must have one of the WEP keys specified on the AP in order to de‐code AP‐to‐station data transmissions. • The AP must have all keys used by clients for station‐to‐AP transmit so that it can de‐code the station transmissions. • The same key must occupy the same slot on all nodes (AP and clients). For example if the AP defines abc123 key as WEP key 3, then the client stations must define that same string as WEP key 3. • Client stations can use different keys to transmit data to the access point. (Or they can all use the same key, but this is less secure because it means one station can decrypt the data being sent by another.) • On some wireless client software, you can configure multiple WEP keys and define a client station "transfer key index", and then set the stations to encrypt the data they transmit using different keys. This ensures that neighboring APs cannot decode each other's transmissions. • You cannot mix 64‐bit and 128‐bit WEP keys between the access point and its client stations. IEEE 802.1X IEEE 802.1X is the standard defining port‐based authentication and infrastructure for doing key management. Extensible Authentication Protocol (EAP) messages sent over an IEEE 802.11 wireless network using a protocol called EAP Encapsulation Over LANs (EAPOL). IEEE 802.1X provides dynamically‐generated keys that are periodically refreshed. An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking (CRC) of each 802.11 frame. This mode requires the use of an external RADIUS server to authenticate users. The AP requires a RADIUS server capable of EAP, such as the Microsoft Internet Authentication Server. To work with Windows clients, the authentication server must support Protected EAP (PEAP) and MSCHAP V2. You can use any of a variety of authentication methods that the IEEE 802.1X mode supports, including certificates, Kerberos, and public key authentication. You must configure the client stations to use the same authentication method the AP uses. Table 24: IEEE 802.1X Field Description Use Global RADIUS By default each VAP uses the global RADIUS settings that you define for the AP at the top Server Settings of the VAP page. However, you can configure each VAP to use a different set of RADIUS servers. To use the global RADIUS server settings, make sure the check box is selected. To use a separate RADIUS server for the VAP, clear the check box and enter the RADIUS server IP address and key in the following fields. RADIUS IP Address Specify the IP version that the RADIUS server uses. Type You can toggle between the address types to configure IPv4 and IPv6 global RADIUS address settings, but the AP contacts only the RADIUS server or servers for the address type you select in this field. D-Link November 2011 Unified Access Point Administrator's Guide Page 76