Filtering

Access Rule for When MAC filtering is enabled, all registered MAC addresses

registered MAC are controlled by the Access Rule.

address

MAC Filtering Lists allowed MAC addresses.

Table (up to 32

stations)

Security

It is important to be aware of security issues, especially when using wireless. You can

configure your security settings on this page.

If you are transmitting sensitive data across radio channels, you should enable wireless security.

For a more secure network, the Belgacom b-box can implement one or a combination of the

following security mechanisms:

• No WEP, No WPA *

.

• WEP Only

.

• WPA Only

* Selecting the No WEP, No WPA option will bring you directly to the 802.1x configuration page.

The security mechanisms that may be employed depend on the level of security required, the

41

network and management resources available, and the software support provided on wireless

clients. A summary of wireless

security considerations is listed in the following table.

Security

Client

Support

Implementation

Considerations

WEP

Built-in

support on all

802.11b and

802.11g

devices

•Only provides weak security.

•Requires manual key

management.

WPA

Requires

WPA-enabled

system and

network card

driver (native

support

provided in

Windows XP)

•Provides good security in small

networks. •Requires configured

RADIUS server, or manual

management of pre-shared key.

802.1X

Requires

WPA-enabled

system and

network card

driver (native

support

provided in

Windows XP)

•Provides robust security in

WPA-only mode (i.e., WPA

clients only). •Requires

configured RADIUS server.

•802.1x Extensible

Authentication Protocol (EAP)

type may require management of

digital certificates for clients and

server.

WEP

Wired Equivalent Privacy (WEP) encryption requires you to use the same set of

encryption/decryption keys for the router and all of your wireless clients.

42

See the description of the Access Control features below.

Parameter Description

WEP

WEP

Mode

You can choose disabled, 64-bit or 128-bit

encryption.

Key Entry

Method

When MAC filtering is enabled, all registered

MAC addresses are controlled by the Access

Rule.

Key Provisioning Select static key or dynamic key.

Static WEP Key

You may manually enter the keys or automatically generate

Setting

encryption keys. To manually configure the keys, enter 10 digits for each 64-bit

key, or enter 26 digits for the single 128bit key. (A hexadecimal digit is a number

or letter in the range 0-9 or A-F.)

Default Key ID Select the default key.

Passphrase

For automatic key generation, check the Passphrase box, enter a passphrase

and click “SAVE SETTINGS.”

Key 1-4

If you do not choose to use the Passphrase for automatic key generation, you

must manually enter four keys. For 64-bit encryption, enter exactly 10 digits. For

128-bit encryption, enter exactly 26 digits. (A hexadecimal digit is a number or

letter in the range 0-9 or A-F.)

Click “SAVE SETTINGS” to apply your settings.

WPA

Wi-Fi Protected Access (WPA) combines Temporal Key Integrity Protocol (TKIP) and

802.1x mechanisms. It provides dynamic key encryption and 802.1x authentication service.

43

With TKIP, WPA uses 48-bit initialization vectors, calculates an 8-byte message integrity

code, and generates an encryption key periodically. For authentication, it allows you to use

802.1x authentication for an environment with a RADIUS server installed on your network.

Selecting the Pre-shared Key enables WPA to use the pre-shared key in a SOHO network.

See the description of the WPA settings below.

Field Default Parameter Description

WPA mode

The security mode your product is currently using.

WPA/WPA2 mode is the most secure option.

Cypher suite Auto/Aes

The key encryption suite used by WPA and WPA2 for frame

body and CRC frame encryption. This setting ensures maximum

security

Authentication 802.1X

Select the authentication mode:

±

802.1x: It is for an enterprise network with a RADIUS server

installed.

±

Pre-shared Key: It is for a SOHO network without any

authentication server installed.

Pre-shared key Passphrase (8~63 Select the key type:

type characters)

•Passphrase: Input 8~63

characters.

±

Hex: Input 64 hexadecimal digits. (A hexadecimal digit is a

number or letter in the range 0-9 or A-F.)

Pre-shared Key None

Specify in passphrase style or in 64-Hex characters.

Group Key Disable

The period of renewing broadcast/multicast Re_Keying keys.

44

802.1X

Management access will be checked against the authentication database stored on the

router. If an authentication RADIUS server is used, you must specify the secret key of the

Message-Authenticator attribute, i.e., Message Digest-5 (MD5), and the corresponding

parameters in the RADIUS Server Parameters field for the remote authentication protocol.

See the description of the 802.1x features below.

• General Parameters

Field Default Parameter Description

Enable 802.1X Yes Session Idle 300 seconds Timeout

Re-Authentication 3600 seconds Period

Quiet Period 60 seconds

Server Type RADIUS Starts using 802.1x security control.

Defines a maximum period of time for which the connection is maintained during inactivity.

Defines a maximum period of time for which the RADIUS server will dynamically re-assign a

session key to a connected client station.

Defines a maximum period of time for which the router will wait between failed authentications.

Selects the authentication server type.

• RADIUS Server Parameters

Field Default Description Parameter

Server IP 192.168.1.1 The IP address of the RADIUS server.

45