Page 71 / 193 Scroll up to view Page 66 - 70
71
Recommendations
WPA w/PSK not recommended for use with the D-Link DWL-2210AP when WPA with
RADIUS is an option.
We recommend that you use WPA with RADIUS mode instead, unless you have
interoperability issues that prevent you from using this mode.
For example, some devices on your network may not support WPA with
EAP
talking
to a
RADIUS
server. Embedded printer servers or other small client devices with
very limited space for implementation may not support RADIUS. For such cases, we
recommend that you use WPA-PSK.
See Also
For information on how to configure WPA-PSK security mode, see “WPA-PSK” under
“Configuring Security Settings” in this manual.
Does Prohibiting the Broadcast SSID Enhance Security?
You can suppress (prohibit) this broadcast to discourage stations from automatically
discovering your access point. When the AP’s broadcast SSID is suppressed, the network
name will not be displayed in the List of Available Networks on a client station. Instead,
the client must have the exact network name configured in the supplicant before it will
be able to connect.
Disabling the broadcast SSID is sufficient to prevent clients from accidentally connecting
to your network, but it will not prevent even the simplest of attempts by a hacker to
connect, or monitor plain text traffic.
This offers a very minimal level of protection on an otherwise exposed network (such
as a guest network) where the priority is making it easy for clients to get a connection
and where no sensitive information is available.
(See also “Guest Network” in this manual.)
Configuring Security
Page 72 / 193
72
Navigating to Security Settings
To set the security mode, navigate to the
Advanced > Security
tab, and update the
fields as described below.
Configuring Security Settings
The following configuration information explains how to configure security modes on
the access point. Keep in mind that each wireless client that wants to exchange data
with the access point must be configured with the same security mode and encryption
key settings consistent with access point security.
On a two-radio AP, these security settings apply to both radios.
Broadcast SSID and Security Mode
To configure security on the access point, select a security mode and fill in the related
fields as described in the following table. (Note you can also allow or prohibit the
Broadcast SSID as an extra precaution as mentioned below.)
Security modes other than Plaintext apply only to configuration of the “Internal” network.
On the “Guest” network, you can use only Plaintext mode. (For more information about
guest networks, see “Setting up Guest Access” in this manual.)
Configuring Security
Page 73 / 193
73
Broadcast SSID
Select the
Broadcast SSID
setting by clicking the “Allow” or “Prohibit”
radio button.
By default, the access point broadcasts (allows) the
Service Set
Identifier
(SSID) in its beacon frames.
You can suppress (prohibit) this broadcast to discourage stations
from automatically discovering your access point. When the AP’s
broadcast SSID is suppressed, the network name will not be
displayed in the List of Available Networks on a client station.
Instead, the client must have the exact network name configured
in the supplicant before it will be able to connect.
Security Mode
Select the
Security Mode
. Select one of the following:
• Plaintext
• Static WEP
• IEEE 802.1x
• WPA with RADIUS
• WPA-PSK
For a Guest network, only the “Plaintext” setting can be used. (For
more information, see “Setting up Guest Access” in this manual.)
Security modes other than Plaintext apply only to configuration of
the “Internal” network; on the Guest network, you can use only
Plaintext mode.
Field
Description
Plaintext
Plain Text
means any data transferred to and from the D-Link DWL-2210AP is not
encrypted.
There are no further options for “Plaintext” mode.
Plain text mode can be useful during initial network configuration or for problem solving,
but it is not recommended for regular use on the Internal network because it is not
secure.
Guest Network
Plain text mode is the only mode in which you can run the Guest network, which is by
definition an easily accessible, unsecure
LAN
always virtually or physically separated
from any sensitive information on the Internal LAN. For example, the guest network
might simply provide internet and printer access for day visitors.
Configuring Security
Page 74 / 193
74
Static WEP
Wired Equivalent Privacy
(
WEP
) is a data encryption protocol for 802.11 wireless
networks. All wireless stations and access points on the network are configured with a
static 64-bit (40-bit secret key + 24-bit initialization vector (IV)) or 128-bit (104-bit secret
key + 24-bit IV) Shared Key for data encryption.
You cannot mix 64-bit and 128-bit WEP keys between the access point and its client
stations. Static WEP is not the most secure mode available, but it offers more protection
than plaintext mode as it does prevent an outsider from easily sniffing out unencrypted
wireless traffic. (For more secure modes, see the sections on “IEEE 802.1x,” “WPA
with RADIUS,” or “WPA-PSK” in this manual. WEP encrypts data moving across the
wireless network based on a static key. (The encryption algorithm is a “stream” cipher
called RC4.)
The access point uses a key to transmit data to the client stations. Each client station
must use that same key to decrypt data it receives from the access point.
Client stations can use different keys to transmit data to the access point. (Or they can
all use the same key, but this is less secure because it means one station can decrypt
the data being sent by another.)
If you selected “Static WEP” Security Mode, provide the following on the access point
settings:
For a minimum level of protection on a guest network, you can choose to suppress
(prohibit) the broadcast of the SSID (network name) to discourage client stations from
automatically discovering your access point. (See also “Does Prohibiting the Broadcast
SSID Enhance Security?” in this manual). For more about the Guest network, see
“Setting up Guest Access” in this manual.
The absence of security on the Guest AP is designed to make it as easy as possible
for guests to get a connection without having to program any security settings in their
clients.
Configuring Security
Page 75 / 193
75
Field
Description
Transfer Key Index
Select a key index from the drop-down menu. Key indexes 1
through 4 are available. The default is 1.
The Transfer Key Index indicates which WEP key the access
point will use to encrypt the data it transmits.
Key Length
Specify the length of the key by clicking one of the radio buttons:
• 64-bits
• 128-bits
Key Type
Select the key type by clicking one of the radio buttons:
• ASCII
• Hex
Characters Required
Indicates the number of characters required in the WEP key.
The number of characters required updates automatically based
on how you set Key Length and Key Type.
WEP Keys
You can specify up to four WEP keys. In each text box, enter a
string of characters for each key.
If you selected “ASCII”, enter any combination of integers and
letters
0-9
,
a-z
, and
A-Z
. If you selected “HEX”, enter
hexadecimal digits (any combination of
0-9
and
a-f
or
A-F
).
Use the same number of characters for each key as specified in
the “Characters Required” field. These are the RC4 WEP keys
shared with the stations using the access point.
Each client station must be configured to use one of these
same WEP keys in the same slot as specified here on the AP.
(See “Rules to Remember for Static WEP” in this manual.)
Configuring Security

Rate

4.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top