ZyXEL NWA90AX User Guide - Page 123

Chapter 12 AP Profile Table 47 Configuration > Object > AP Profile > SSID > Security List > Add/Edit Security Profile> Security Mode: wpa3 (continued) LABEL DESCRIPTION Advance Note: Click on the Show Advanced Settings button to show the fields describe below. Idle Timeout Group Key Update Timer Pre-Authentication Management Frame Protection Enter the idle interval (in seconds) that a client can be idle before authentication is discontinued. Enter the interval (in seconds) at which the AP updates the group WPA2 encryption key. Select Enable to allow pre-authentication. Otherwise, select Disable. This field is available only when you select wpa2 in the Security Mode field and set Cipher Type to aes. Data frames in 802.11 WLANs can be encrypted and authenticated with WEP, WPA or WPA2. But 802.11 management frames, such as beacon/probe response, association request, association response, de-authentication and disassociation are always unauthenticated and unencrypted. IEEE 802.11w Protected Management Frames allows APs to use the existing security mechanisms (encryption and authentication methods defined in IEEE 802.11i WPA/WPA2) to protect management frames. This helps prevent wireless DoS attacks. Select the check box to enable management frame protection (MFP) to add security to 802.11 management frames. This option is always enabled if you select enhanced-open or WPA3 as the Security Mode. If Optional is selected, WiFi clients will not be not required to support MFP. Management frames will be encrypted if the clients support MFP. Radius Settings Primary / Secondary Radius Server Activate Radius Server IP Address Radius Server Port Radius Server Secret Primary / Secondary Accounting Server Activate Accounting Server IP Address Accounting Server Port Accounting Share Secret Accounting Interim Update If Required is selected, WiFi clients must support MFP in order to join the Zyxel Device's WiFi network. Select this to have the Zyxel Device use the specified RADIUS server. Enter the IP address of the RADIUS server to be used for authentication. Enter the port number of the RADIUS server to be used for authentication. Enter the shared secret password of the RADIUS server to be used for authentication. Select the check box to enable user accounting through an external authentication server. Enter the IP address of the external accounting server in dotted decimal notation. Enter the port number of the external accounting server. The default port number is 1813. You need not change this value unless your network administrator instructs you to do so with additional information. Enter a password (up to 128 alphanumeric characters) as the key to be shared between the external accounting server and the Zyxel Device. The key must be the same on the external accounting server and your Zyxel Device. The key is not sent over the network. This field is available only when you enable user accounting through an external authentication server. Interim Update Interval General Server Settings Select this to have the Zyxel Device send subscriber status updates to the accounting server at the interval you specify. Specify the time interval for how often the Zyxel Device is to send a subscriber status update to the accounting server. NWA50AX/NWA90AX/NWA55AXE Series User's Guide 123