Help - Security Profile

 

Profile
Profile Name Enter a suitable name for this profile. Every profile must have a unique name.
SSID Enter the desired SSID for this profile.
Wireless Band Select the Wireless band or bands which this profile should apply to. (If your Access Point only has a single band, then only 1 option is available.)

Wireless Security
Security System Select the desired option, and then enter the settings for the selected method.
See the following sections for full details of each setting.
The options available are:
  • None - No security is used. Anyone using the correct SSID can connect to your network.
  • WEP - The 802.11b standard. Data is encrypted before transmission, but the encryption system is not as strong as later standards such as WPA-PSK.
  • WPA-PSK - Like WEP, data is encrypted before transmission. WPA is more secure than WEP, and should be used if possible. The PSK (Pre-shared Key) must be entered on each Wireless station. The 256Bit encryption key is derived from the PSK, and changes frequently.
  • WPA2-PSK - This is a further development of WPA-PSK, and offers even greater security, using the AES (Advanced Encryption Standard) method of encryption.
  • WPA-PSK and WPA2-PSK - This method, sometimes called "Mixed Mode", allows clients to use EITHER WPA-PSK (with TKIP) OR WPA2-PSK (with AES).
  • WPA with Radius - This version of WPA requires a Radius Server on your LAN to provide the client authentication according to the 802.1x standard. Data transmissions are encrypted using the WPA standard.
    If this option is selected:
    • This Access Point must have a "client login" on the Radius Server.
    • Each user must authenticate on the Radius Server. This is usually done using digital certificates.
    • Each user's wireless client must support 802.1x and provide the Radius authentication data when required.
    • All data transmission is encrypted using the WPA standard. Keys are automatically generated, so no key input is required.
  • WPA2 with Radius - This version of WPA2 requires a Radius Server on your LAN to provide the client authentication according to the 802.1x standard. Data transmissions are encrypted using the WPA2 standard.
    If this option is selected:
    • This Access Point must have a "client login" on the Radius Server.
    • Each user must authenticate on the Radius Server. This is usually done using digital certificates.
    • Each user's wireless client must support 802.1x and provide the Radius authentication data when required.
    • All data transmission is encrypted using the WPA2 standard. Keys are automatically generated, so no key input is required.
  • WPA and WPA2 with Radius - EITHER WPA or WPA2 require a Radius Server on your LAN to provide the client authentication according to the 802.1x standard. Data transmissions are encrypted using EITHER WPA or WPA2 standard.
    If this option is selected:
    • This Access Point must have a "client login" on the Radius Server.
    • Each user must authenticate on the Radius Server. This is usually done using digital certificates.
    • Each user's wireless client must support 802.1x and provide the Radius authentication data when required.
    • All data transmission is encrypted using EITHER WPA or WPA2 standard. Keys are automatically generated, so no key input is required.
  • 802.1x - This uses the 802.1x standard for client authentication, and WEP for data encryption. If possible, you should use WPA-802.1x instead, because WPA encryption is much stronger than WEP encryption.
    If this option is selected:
    • This Access Point must have a "client login" on the Radius Server.
    • Each user must authenticate on the Radius Server. This is usually done using digital certificates.
    • Each user's wireless client must support 802.1x and provide the Radius authentication data when required.
    • All data transmission is encrypted using the WEP standard. You only have to select the WEP key size; the WEP key is automatically generated.

Radius MAC Authentication
Radius MAC Authentication Radius MAC Authentication provides for MAC address checking which is centralized on your Radius server. See the Radius MAC Help File for more information.
Current Status The current status is displayed.
Configure Button Click this button to access a sub-screen where you can configure the Radius MAC authentication feature.

UAM
UAM UAM is intended for use in Internet cafes and other sites where user access must be accounted for. To use this feature, you also need a Radius Server. See the UAM Help File for more information.
Current Status The current status is displayed.
Configure Button Click this button to access a sub-screen where you can configure the UAM feature.

 


WEP
Authentication Normally this can be left at the default value of "Automatic." If that fails, select the appropriate value - "Open System" or "Shared Key." Check your wireless card's documentation to see what method to use.
Data Encryption Select the desired WEP Encryption level, and ensure Wireless stations have the same setting and key value.
Key Input Select "Hex" or "ASCII" depending on your input method. (All keys are converted to Hex, ASCII input is only for convenience.)
Key Value Enter the key value you wish to use. Other stations must have the same key.
Passphrase Use this to generate a key or keys, instead of entering them directly. Enter a word or group of printable characters in the Passphrase box and click the "Generate Key" button to automatically configure the WEP Key(s). If encryption strength is set to 64 bit, then each of the four key fields will be populated with key values. If encryption strength is set to 128 bit, then only the selected WEP key field will be given a key value.
Radius-based
MAC Authentication
Enable this if your network is using this system. If enabled, click the "Configure" button to configure the Radius server.
UAM Enable this if your network is using this system. If enabled, click the "Configure" button to configure the Radius server and the Login URL.

 


WPA-PSK
Key Enter the key value. Data is encrypted using this key. Other Wireless Stations must use the same key.
WPA Encryption The encryption method is TKIP. Wireless Stations must also use TKIP.
Key Updates These settings determine how often keys are changed.
  • Group Key Update
    This refers to the key used for broadcast transmissions. Enable this if you want the keys to be updated regularly, and enter the desired time period (Key Lifetime) between key updates.
  • Group Key Update when any membership terminates
    If enabled, the Group Key will be updated whenever any member leaves the group or disassociates from the Access Point.

 


WPA2-PSK
Key Enter the key value. Data is encrypted using this key. Other Wireless Stations must use the same key.
WPA Encryption The encryption method is AES. Wireless Stations must also use AES.
Key Updates These settings determine how often keys are changed.
  • Group Key Update
    This refers to the key used for broadcast transmissions. Enable this if you want the keys to be updated regularly, and enter the desired time period (Key Lifetime) between key updates.
  • Group Key Update when any membership terminates
    If enabled, the Group Key will be updated whenever any member leaves the group or disassociates from the Access Point.

 


WPA2-PSK and WPA2-PSK
Key Enter the key value. Data is encrypted using this key. Other Wireless Stations must use the same key.
WPA Encryption The encryption method is TKIP for WPA-PSK, and AES for WPA2-PSK.
Key Updates These settings determine how often keys are changed.
  • Group Key Update
    This refers to the key used for broadcast transmissions. Enable this if you want the keys to be updated regularly, and enter the desired time period (Key Lifetime) between key updates.
  • Group Key Update when any membership terminates
    If enabled, the Group Key will be updated whenever any member leaves the group or disassociates from the Access Point.

 


WPA with Radius
Radius Server Address Enter the name or IP address of the Radius Server on your network.
Radius Port Enter the port number used for connections to the Radius Server.
Client Login Name This read-only field displays the name used for the Client Login on the Radius Server. This Login name must be created on the Radius Server. (On some Radius Servers, you can use the AP's IP address instead of this name.)
Shared Key This is used for the Client Login on the Radius Server. Enter the key value to match the value on the Radius Server.
WPA Encryption The encryption method is TKIP. Wireless Stations must also use TKIP.
Key Updates These settings determine how often keys are changed.
  • Group Key Update
    This refers to the key used for broadcast transmissions. Enable this if you want the keys to be updated regularly, and enter the desired time period (Key Lifetime) between key updates.
  • Group Key Update when any membership terminates
    If enabled, the Group Key will be updated whenever any member leaves the group or disassociates from the Access Point.
RADIUS Accounting Enable this if you want this Access Point to send accounting data to the Radius Server.
If enabled, the port used by your Radius Server must be entered in the Radius Accounting Port" field.
Update Report every ... If Radius accounting is enabled, you can enable this and enter the desired update interval. This Access Point will then send updates according to the specified time period.

 


WPA2 with Radius
Radius Server Address Enter the name or IP address of the Radius Server on your network.
Radius Port Enter the port number used for connections to the Radius Server.
Client Login Name This read-only field displays the name used for the Client Login on the Radius Server. This Login name must be created on the Radius Server. (On some Radius Servers, you can use the AP's IP address instead of this name.)
Shared Key This is used for the Client Login on the Radius Server. Enter the key value to match the value on the Radius Server.
WPA Encryption The encryption method is AES. Wireless Stations must also use AES.
Key Updates These settings determine how often keys are changed.
  • Group Key Update
    This refers to the key used for broadcast transmissions. Enable this if you want the keys to be updated regularly, and enter the desired time period (Key Lifetime) between key updates.
  • Group Key Update when any membership terminates
    If enabled, the Group Key will be updated whenever any member leaves the group or disassociates from the Access Point.
RADIUS Accounting Enable this if you want this Access Point to send accounting data to the Radius Server.
If enabled, the port used by your Radius Server must be entered in the Radius Accounting Port" field.
Update Report every ... If Radius accounting is enabled, you can enable this and enter the desired update interval. This Access Point will then send updates according to the specified time period.

 


WPA and WPA2 with Radius
Radius Server Address Enter the name or IP address of the Radius Server on your network.
Radius Port Enter the port number used for connections to the Radius Server.
Client Login Name This read-only field displays the name used for the Client Login on the Radius Server. This Login name must be created on the Radius Server. (On some Radius Servers, you can use the AP's IP address instead of this name.)
Shared Key This is used for the Client Login on the Radius Server. Enter the key value to match the value on the Radius Server.
WPA Encryption The encryption method is TKIP for WPA, and AES for WPA2.
Key Updates These settings determine how often keys are changed.
  • Group Key Update
    This refers to the key used for broadcast transmissions. Enable this if you want the keys to be updated regularly, and enter the desired time period (Key Lifetime) between key updates.
  • Group Key Update when any membership terminates
    If enabled, the Group Key will be updated whenever any member leaves the group or disassociates from the Access Point.
RADIUS Accounting Enable this if you want this Access Point to send accounting data to the Radius Server.
If enabled, the port used by your Radius Server must be entered in the Radius Accounting Port" field.
Update Report every ... If Radius accounting is enabled, you can enable this and enter the desired update interval. This Access Point will then send updates according to the specified time period.

 


802.1x
Radius Server Address Enter the name or IP address of the Radius Server on your network.
Radius Port Enter the port number used for connections to the Radius Server.
Client Login Name This read-only field displays the name used for the Client Login on the Radius Server. This Login name must be created on the Radius Server. (On some Radius Servers, you can use the AP's IP address instead of this name.)
Shared Key This is used for the Client Login on the Radius Server. Enter the key value to match the value on the Radius Server.
WEP Key Size Select the desired option.
  • 64 Bit - data is encrypted, using the default key, before being transmitted. You must enter at least the default key. For 64 Bit Encryption, the key size is 5 chars (ASCII) or 10 chars in HEX (0~9 and A~F).
  • 128 Bit - data is encrypted, using the default key, before being transmitted. You must enter at least the default key. For 128 Bit Encryption, the key size is 13 chars (ASCII) or 26 chars in HEX (0~9 and A~F).
  • 156 Bit - data is encrypted, using the default key, before being transmitted. You must enter at least the default key. For 156 Bit Encryption, the key size is 16 chars (ASCII) or 32 chars in HEX (0~9 and A~F).
Dynamic WEP key If checked, the required WEP key is dynamically generated. This may use EAP-TLS, PEAP, or another method, depending on the methods supported by the client.
Key Exchange Enable this if you wish the Dynamic keys to be exchanged and updated regularly. If enabled, enter the desired Key Lifetime.
Static WEP key If enabled, this uses EAP-MD5. You must enter the WEP key on the WEP Key field below, and on each Wireless station.
The WEP Key Index must also match the key index used on other Wireless stations.
RADIUS Accounting Enable this if you want this Access Point to send accounting data to the Radius Server.
If enabled, the port used by your Radius Server must be entered in the Radius Accounting Port" field.
Update Report every ... If Radius accounting is enabled, you can enable this and enter the desired update interval. This Access Point will then send updates according to the specified time period.