Proxim Wireless AP700 Wireless Access Device User Manual APs UG
Proxim Wireless Corporation Wireless Access Device APs UG
Contents
- 1. reg manual
- 2. manual 1
- 3. manual 2
- 4. Users Manual 1 of 3
- 5. Users Manual 2 of 3
- 6. Users Manual 3 of 3
Users Manual 1 of 3
![Advanced Configuration AP-700 User GuideSSID/VLAN/Security111CAUTION: Once a VLAN Management ID is configured and is equivalent to one of the VLAN User IDs on the AP, all members of that User VLAN will have management access to the AP. Be careful to restrict VLAN membership to those with legitimate access to the AP.NOTE: When VLAN is enabled, ensure that all devices in the network share the same VLAN ID.1. Click Configure > SSID/VLAN/Security > Mgmt VLAN.2. Set the VLAN Management ID to use the same VLAN ID as one of the configured SSIDs. 3. Place a check mark in the Enable VLAN Tagging box.Disable VLAN Tagging1. Click Configure > SSID/VLAN/Security > Mgmt VLAN.2. Remove the check mark from the Enable VLAN Tagging box (to disable all VLAN functionality) or set the VLAN Management ID to -1 (to disable VLAN Tagging only).NOTE: If you disable VLAN Tagging, you will be unable to configure security per SSID.Security ProfileSee the following sections:•Security Features•Authentication Protocol Hierarchy•VLANs and Security Profiles•Configuring Security ProfilesSecurity FeaturesThe AP supports the following security features:•WEP Encryption: The original encryption technique specified by the IEEE 802.11 standard.•802.1x Authentication: An IEEE standard for client authentication.•Wi-Fi Protected Access (WPA/802.11i [WPA2]): A new standard that provides improved encryption security over WEP.NOTE: The AP does not support shared key 802.11 MAC level authentication. Clients with this MAC level feature must disable it.WEP EncryptionThe IEEE 802.11 standards specify an optional encryption feature, known as Wired Equivalent Privacy or WEP, that is designed to provide a wireless LAN with a security level equal to what is found on a wired Ethernet network. WEP encrypts the data portion of each packet exchanged on an 802.11 network using an Encryption Key (also known as a WEP Key).When Encryption is enabled, two 802.11 devices must have the same Encryption Keys and both devices must be configured to use Encryption in order to communicate. If one device is configured to use Encryption but a second device is not, then the two devices will not communicate, even if both devices have the same Encryption Keys.802.1x AuthenticationIEEE 802.1x is a standard that provides a means to authenticate and authorize network devices attached to a LAN port. A port in the context of IEEE 802.1x is a point of attachment to the LAN, either a physical Ethernet connection or a wireless link to an Access Point. 802.1x requires a RADIUS server and uses the Extensible Authentication Protocol (EAP) as a standards-based authentication framework, and supports automatic key distribution for enhanced security. The EAP-based authentication framework can easily be upgraded to keep pace with future EAP types.Popular EAP types include:](https://usermanual.wiki/Proxim-Wireless/AP700.Users-Manual-1-of-3/User-Guide-843518-Page-111.png)
![Advanced Configuration AP-700 User GuideSSID/VLAN/Security113Wi-Fi Protected Access (WPA/802.11i [WPA2])Wi-Fi Protected Access (WPA) is a security standard designed by the Wi-Fi Alliance in conjunction with the Institute of Electrical and Electronics Engineers (IEEE). The AP supports 802.11i (WPA2), based on the IEEE 802.11i security standard.WPA is a replacement for Wired Equivalent Privacy (WEP), the encryption technique specified by the original 802.11 standard. WEP has several vulnerabilities that have been widely publicized. WPA addresses these weaknesses and provides a stronger security system to protect wireless networks.WPA provides the following new security measures not available with WEP:• Improved packet encryption using the Temporal Key Integrity Protocol (TKIP) and the Michael Message Integrity Check (MIC).• Per-user, per-session dynamic encryption keys:– Each client uses a different key to encrypt and decrypt unicast packets exchanged with the AP– A client's key is different for every session; it changes each time the client associates with an AP– The AP uses a single global key to encrypt broadcast packets that are sent to all clients simultaneously– Encryption keys change periodically based on the Re-keying Interval parameter– WPA uses 128-bit encryption keys• Dynamic Key distribution– The AP generates and maintains the keys for its clients– The AP securely delivers the appropriate keys to its clients• Client/server mutual authentication–802.1x– Pre-shared key (for networks that do not have an 802.1x solution implemented)The AP supports the following WPA security modes:•WPA: The AP uses 802.1x to authenticate clients and TKIP for encryption. You should only use an EAP that supports mutual authentication and session key generation, such as EAP-TLS, EAP-TTLS, and PEAP. See 802.1x Authentication for details.•WPA-PSK (Pre-Shared Key): For networks that do not have 802.1x implemented, you can configure the AP to authenticate clients based on a Pre-Shared Key. This is a shared secret that is manually configured on the AP and each of its clients. The Pre-Shared Key must be 256 bits long, which is either 64 hexadecimal digits or 32 alphanumeric characters. The AP also supports a PSK Pass Phrase option to facilitate the creation of the TKIP Pre-Shared Key (so a user can enter an easy-to-remember phrase rather than a string of characters). •802.11i (also known as WPA2): The AP provides security to clients according to the 802.11i draft standard, using 802.1x authentication, a CCMP cipher based on AES, and re-keying.•802.11i-PSK (also known as WPA2 PSK): The AP uses a CCMP cipher based on AES, and encrypts frames to clients based on a Pre-Shared Key. The Pre-Shared Key must be 256 bits long, which is either 64 hexadecimal digits or 32 alphanumeric characters. The AP also supports a PSK Pass Phrase option to facilitate the creation of the Pre-Shared Key (so a user can enter an easy-to-remember phrase rather than a string of characters).NOTE: For more information on WPA, see the Wi-Fi Alliance Web site at http://www.wi-fi.org.Authentication Protocol HierarchyThere is a hierarchy of authentication protocols defined for the AP. The hierarchy is as follows, from highest to lowest:• 802.1x authentication (including 802.1x, WPA, WPA-PSK, 802.11i, 802.11i-PSK)• MAC Access Control via RADIUS Authentication• MAC Access Control through individual APs' MAC Access Control Lists](https://usermanual.wiki/Proxim-Wireless/AP700.Users-Manual-1-of-3/User-Guide-843518-Page-113.png)
