D-Link DWL-8500AP Product Manual - Page 43
Enabling Station Isolation, Configuring Virtual Access Point Security, Multicast, Broadcast, Unicast
UPC - 790069297212
View all D-Link DWL-8500AP manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 43 highlights
4 Configuring Access Point Security Additionally, this mode incorporates a RADIUS server for user authentication which makes WPA Enterprise more secure than WPA Personal mode. Use the following guidelines for choosing options within the WPA Enterprise mode security mode: 1. Currently, the best security you can have on a wireless network is WPA Enterprise mode using AES-CCMP encryption algorithm. AES is a symmetric 128-bit block data encryption technique that works on multiple layers of the network. It is the most effective encryption system currently available for wireless networks. If all clients or other APs on the network are WPA/CCMP compatible, use this encryption algorithm. (If all clients are WPA2 compatible, choose to support only WPA2 clients.) 2. The second best choice is WPA Enterprise with the encryption algorithm set to both TKIP and CCMP. This lets WPA client stations without CCMP associate, uses TKIP for encrypting Multicast and Broadcast frames, and allows clients to select whether to use CCMP or TKIP for Unicast (AP-to-single-station) frames. This WPA configuration allows more interoperability, at the expense of some security. Client stations that support CCMP can use it for their Unicast frames. If you encounter AP-to-station interoperability problems with the "Both" encryption algorithm setting, then you will need to select TKIP instead. (See next bullet.) 3. The third best choice is WPA Enterprise with the encryption algorithm set to TKIP. Some clients have interoperability issues with CCMP and TKIP enabled at same time. If you encounter this problem, then choose TKIP as the encryption algorithm. This is the standard WPA mode and is usually interoperable with client Wireless software security features. Enabling Station Isolation When Station Isolation is enabled, the access point blocks communication between wireless clients associated with the same radio on the access point. The access point still allows data traffic between its wireless clients and wired devices on the network, but not among wireless clients. You enable station isolation on the Wireless settings page. For more information, see "Setting the Wireless Interface" on page 55. Configuring Virtual Access Point Security You configure secure wireless client access by configuring security for each virtual access point (VAP) that you enable. You can configure up to eight VAPs per radio that simulate multiple APs in one physical access point. By default, only one VAP is enabled. For each VAP, you can configure a unique security mode to control wireless client access. VAPs segment the wireless LAN into multiple broadcast domains and are the wireless equivalent of Ethernet VLANs. You can configure each VAP with a unique SSIDs so that each VAP represents a different wireless network for clients to access. By configuring VAPs, you can maintain better control over broadcast and multicast traffic, which affects network performance. Configuring Virtual Access Point Security 43