Overview
Summit WM3000 Series Controller System Reference Guide30
configuration is also expected on the Radius server). MAC-Auth supports all encryption types, and (in
case of 802.11i) the handshake is completed before the Radius lookup begins. For information on
configuring 802.1x EAP for a WLAN, see “Configuring MAC Authentication” on page 132.
Secure Beacon
Devices in a wireless network use Service Set Identifiers (SSIDs) to communicate. An SSID is a text string
up to 32 bytes long. An AP in the network announces its status by using beacons. To avoid others from
accessing the network, the most basic security measure adopted is to change the default SSID to one not
easily recognizable, and disable the broadcast of the SSID.
The SSID is a code attached to all packets on a wireless network to identify each packet as part of that
network. All wireless devices attempting to communicate with each other must share the same SSID.
Apart from identifying each packet, the SSID also serves to uniquely identify a group of wireless
network devices used in a given service set.
MU to MU Disallow
Use MU to MU Disalllow to restrict MU to MU communication within a WLAN. The default is ‘no’,
which allows MUs to exchange packets with other MUs. It does not prevent MUs on other WLANs
from sending packets to this WLAN. You would have to enable MU to MU Disallow on the other
WLAN. To define how MU to MU traffic is permitted for a WLAN, see “Editing the WLAN
Configuration” on page 113.
802.1x Authentication
802.1x Authentication cannot be disabled (its always enabled).
802.1x authentication is conducted:
● At power up
● When re-authentication is initiated by the Authenticator (say the controller in between)
WIPS
The Motorola Wireless Intrusion Protection Software (WIPS) is supported by Extreme Networks WM3000
series WLAN controllers. The WIPS monitors for any presence of unauthorized rogue Access Points.
Unauthorized attempts to access the WLAN is generally accompanied by anomalous behavior as
intruding MUs try to find network vulnerabilities. Basic forms of this behavior can be monitored and
reported without needing a dedicated WIPS. When the parameters exceed a configurable threshold, the
controller generates an SNMP trap and reports the result via the management interfaces. Basic WIPS
functionality does not require monitoring APs and does not perform off-channel scanning.
When using an AP35XX for use with WIPS and as a sensor you must first configure the WIPS server IP Addresses
before converting the AP35XX to a sensor.
To Next Page
Loading...