110
Configuring WLAN security
When it comes to security, a WLAN is inherently weaker than a wired LAN because all the wireless
devices use the air as the transmission media, which means that the data transmitted by one device
can be received by any other device within the coverage of the WLAN. To improve WLAN security,
you can use white and black lists and user isolation to control user access and behavior.
Blacklist and white list
You can configure the blacklist and white list functions to filter frames from WLAN clients and thereby
implement client access control.
The WLAN client access control is accomplished through the following three types of lists.
• White list—Contains the MAC addresses of all clients allowed to access the WLAN. If the
whitelist is used, only permitted clients can access the WLAN, and all frames from other clients
will be discarded.
• Static blacklist—Contains the MAC addresses of clients forbidden to access the WLAN. This
list is manually configured.
• Dynamic blacklist—Contains MAC addresses of clients whose frames will be dropped. A
client is dynamically added to the list if it is considered sending attacking frames until the timer
of the entry expires.
When a device receives an 802.11 frame, it checks the source MAC address of the frame and
processes the frame as follows:
1. If the source MAC address does not match any entry in the white list, it is dropped. If there is a
match, the frame is considered valid and will be further processed.
2. If no white list entries exist, the static and dynamic blacklists are searched.
If the source MAC address matches an entry in any of the two lists, it is dropped.
If there is no match, or no blacklist entries exist, the frame is considered valid and will be
further processed.
Configuring the blacklist and white list functions
Configuring dynamic blacklist
Select Interface Setup > Wireless > Security from the navigation tree, and then click the Blacklist
tab.
To Next Page
Loading...
Need help?
General
