D-Link DWL-3600AP

To Next Page

To Previous Page

VirtualAccessPointSettings

D-Link UnifiedAccessPointAdministrator’sGuide

November2011 Page76

UnifiedAccessPointAdministrator’sGuide

StaticWEPRules

IfyouuseStaticWEP,thefollowingrulesapply:

•AllclientstationsmusthavetheWirelessLAN(WLAN)securitysettoWEP,andallclientsmusthaveoneof

theWEPkeysspecifiedontheAPinordertode‐codeAP‐to‐stationdatatransmissions.

•TheAPmusthaveallkeys

usedbyclientsforstation‐to‐APtransmitsothatitcande‐codethestation

transmissions.

•Thesamekeymustoccupythesameslotonallnodes(APandclients).ForexampleiftheAPdefines

abc123keyasWEPkey3,thentheclientstationsmustdefinethatsame

stringasWEPkey3.

•Clientstationscanusedifferentkeystotransmitdatatotheaccesspoint.(Ortheycanallusethesame

key ,butthisislesssecurebecauseitmeansonestationcandecryptthedatabeingsentbyanother.)

•Onsomewirelessclientsoftware,youcan

configuremultipleWEPkeysanddefineaclientstation

“transferkeyindex”,andthensetthestationstoencryptthedatatheytransmitusingdifferentkeys.This

ensuresthatneighboringAPscannotdecodeeachother’stransmissions.

•Youcannotmix64‐bitand128‐bitWEPkeysbetweentheaccesspointand

itsclientstations.

IEEE802.1X

IEEE802.1Xisthestandarddefiningport‐basedauthenticationandinfrastructurefordoingkeymanagement.

ExtensibleAuthenticationProtocol( EAP)messagessentoveranIEEE802.11wirelessnetworkusingaprotocol

calledEAPEncapsulationOverLANs(EAPOL).IEEE802.1Xprovidesdynamically‐generate dkeysthatare

periodicallyrefreshed.AnRC4streamcipher

isusedtoencrypttheframebodyandcyclicredundancychecking

(CRC)ofeach802.11frame.

ThismoderequirestheuseofanexternalRADIUSservertoauthenticateusers.TheAPrequiresaRADIUS

servercapableofEAP,suchastheMicrosoftInternetAuthenticationServer.ToworkwithWindowsclients,

the

authenticationservermustsupportProtectedEAP(PEAP)andMSCHAPV2.

YoucanuseanyofavarietyofauthenticationmethodsthattheIEEE802.1Xmodesupports,including

certificates,Kerberos,andpublickeyauthentication.Youmustconfiguretheclientstationstousethesame

authenticationmethodtheAPuses.

Table24:

IEEE802.1X

Field Description

UseGlobalRADIUS

ServerSettings

BydefaulteachVAPusestheglobalRADIUSsettingsthatyoudefinefortheAPatthetop

oftheVAPpage.However,youcanconfigureeachVAPtouseadifferentsetofRADIUS

servers.

TousetheglobalRADIUSserversettings,makesurethe

checkboxisselected.

TouseaseparateRADIUSserverfortheVAP ,clearthecheckboxandentertheRADIUS

serverIPaddres sandkeyinthefollowingfields.

RADIUSIPAddress

Type

SpecifytheIPversionthattheRADIUSserveruses.

Youcantogglebetweentheaddresstypestoconfigure

IPv4andIPv6globalRADIUS

addresssettings,buttheAPcontactsonlytheRADIUSserverorserversfortheaddress

typeyouselectinthisfield.

Main Page

Table of Contents

Other manuals for D-Link DWL-3600AP

Related product manuals