Chapter 13 AP Profile
NWA/WAC/WAX Series User’s Guide
171
The following table describes the labels in this screen.
Table 67 Configuration > Object > AP Profile > SSID > Security List > Add/Edit Security Profile> Security
Mode: wpa3
LABEL DESCRIPTION
General Settings
Profile Name Enter up to 31 alphanumeric characters for the profile name. This name is only visible in
the Web Configurator and is only for management purposes. Spaces and underscores
are allowed.
Security Mode Select a security mode from the list: none, enhanced-open, wep, wpa2, wpa2-mix or
wpa3.
enhanced-open uses Opportunistic Wireless Encryption (OWE) which encrypts the
wireless connection when possible.
Authentication Settings
Enterprise Select this to enable 802.1X secure authentication with a RADIUS server.
ReAuthentication
Timer
Enter the interval (in seconds) between authentication requests. Enter a 0 for unlimited
time.
Personal This field is available when you select the wpa2, wpa2-mix or wpa3 security mode.
Select this option to use a Pre-Shared Key (PSK) with WPA2 encryption or Simultaneous
Authentication of Equals (SAE) with WPA3 encryption.
Pre-Shared Key Enter a pre-shared key of between 8 and 63 case-sensitive ASCII characters (including
spaces and symbols) or 64 hexadecimal characters.
Transition Mode This option only displays if you set the Security Mode to wpa3 or enhanced-open. This
option is always enabled for backwards compatibility. This creates two virtual APs (VAPs)
with a primary (wpa3 or enhanced-open) and fallback (wpa2 or none) security method.
Advance
Note: Click on the Show Advanced Settings button to show the fields describe below.
Idle Timeout Enter the idle interval (in seconds) that a client can be idle before authentication is
discontinued.
Group Key Update
Timer
Enter the interval (in seconds) at which the AP updates the group WPA2 encryption key.
Management Frame
Protection
This field is configurable only when you select wpa2 in the Security Mode field and set
Cipher Type to aes.
Data frames in 802.11 WLANs can be encrypted and authenticated with WEP, WPA or
WPA2. But 802.11 management frames, such as beacon/probe response, association
request, association response, de-authentication and disassociation are always
unauthenticated and unencrypted. IEEE 802.11w Protected Management Frames allows
APs to use the existing security mechanisms (encryption and authentication methods
defined in IEEE 802.11i WPA/WPA2) to protect management frames. This helps prevent
wireless DoS attacks.
Select the check box to enable management frame protection (MFP) to add security to
802.11 management frames. This option is always enabled if you select enhanced-open
or WPA3 as the Security Mode.
If Optional is selected, WiFi clients will not be not required to support MFP. Management
frames will be encrypted if the clients support MFP.
If Required is selected, WiFi clients must support MFP in order to join the Zyxel Device’s
WiFi network.
Radius Settings
Primary / Secondary
Radius Server Activate
Select this to have the Zyxel Device use the specified RADIUS server.
To Next Page
Loading...
