Wireless Settings

5-27

Figure 5-21.

WMM Parameters

WMM Acknowledge Policy

– By default, all wireless data transmissions require the

sender to wait for an acknowledgement from the receiver. WMM allows the

acknowledgement wait time to be turned off for each Access Category (AC).

Although this increases data throughput, it can also result in a high number of errors

when traffic levels are heavy. (Default: Acknowledge)

WMM BSS Parameters

– These parameters apply to the wireless clients.

WMM AP Parameters

– These parameters apply to the access point.

•

logCWMin

(Minimum Contention Window) – The initial upper limit of the random

backoff wait time before wireless medium access can be attempted. The initial wait

time is a random value between zero and the CWMin value. Specify the CWMin

value in the range 0-15 microseconds. Note that the CWMin value must be equal

or less than the CWMax value.

•

logCWMax

(Maximum Contention Window) – The maximum upper limit of the

random backoff wait time before wireless medium access can be attempted. The

contention window is doubled after each detected collision up to the CWMax value.

Specify the CWMax value in the range 0-15 microseconds. Note that the CWMax

value must be greater or equal to the CWMin value.

•

AIFS

(Arbitration Inter-Frame Space) – The minimum amount of wait time before

the next data transmission attempt. Specify the AIFS value in the range

0-15 microseconds.

System Configuration

5-28

•

TXOP Limit

(Transmit Opportunity Limit) – The maximum time an AC transmit

queue has access to the wireless medium. When an AC queue is granted a

transmit opportunity, it can transmit data for a time up to the TxOpLimit. This data

bursting greatly improves the efficiency for high data-rate traffic. Specify a value in

the range 0-65535 microseconds.

•

Admission Control

– The admission control mode for the access category. When

enabled, clients are blocked from using the access category. (Default: Disable)

WLAN Security

The wireless AP/Router’s wireless interface is configured by default as an “open

system,” which broadcasts a beacon signal including the configured SSID. Wireless

clients with a configured SSID of “ANY” can read the SSID from the beacon, and

automatically set their SSID to allow immediate connection to the wireless network.

To improve wireless network security, you have to implement two main functions:

•

Authentication

– It must be verified that clients attempting to connect to the

network are authorized users.

•

Traffic Encryption

– Data passing between the unit and clients must be protected

from interception and eavesdropping.

For a more secure network, the wireless AP/Router can implement one or a

combination of the following security mechanisms:

•

Wired Equivalent Privacy (WEP)

•

IEEE 802.1X

•

Wi-Fi Protected Access (WPA) or WPA2

The security mechanisms that may be employed depend on the level of security

required, the network and management resources available, and the software

support provided on wireless clients. Click on “Wireless Settings,” followed by

“Security”.

Security

The wireless AP/Router supports two virtual access point (VAP) interfaces referred

to as WLAN1 and WLAN2. Each VAP functions as a separate access point, and can

be configured with its own security settings.

Wireless Settings

5-29

Click on “Wireless Settings,” followed by “Security”.

Figure 5-22.

Wireless Security Settings

Security Settings

— The security settings determine the security mode and enable

WEP keys.

•

Security Mode

– Configures the security mode used by clients.

(WLAN1/WLAN2 Defaults: Open)

System Configuration

5-30

-

Open

: Open-system authentication accepts any client attempting to connect the

wireless AP/Router without verifying its identity. In this mode the default

encryption type is "None."

-

Shared

: The shared-key approach uses Wired Equivalent Privacy (WEP) to

verify client identity by distributing a shared key to clients before attempting

authentication.

-

WEP Auto

: Allows WLAN clients to associate using Open-WEP (uses WEP for

encryption only) or Shared-WEP (uses WEP for authentication and encryption).

If enabled, you must configure at least one key for the VAP interface and all its

clients. Wired Equivalent Privacy (WEP) provides a basic level of security,

preventing unauthorized access to the network and encrypting data

transmitted between wireless clients and the wireless AP/Router. WEP uses

static shared keys (fixed-length hexadecimal or alphanumeric strings) that are

manually distributed to all clients that want to use the network.

Wireless Settings

5-31

-

WPA-PSK

or

WPA2-PSK

or

WPA-PSK/WPA2-PSK

: The WPA or WPA2 mode

uses a common password phrase, called a Pre-Shared Key, that must be

manually distributed to all clients that want to connect to the network. Specify a

key as an easy-to-remember form of letters and numbers. The WPA Preshared

Key can be input as ASCII string (8-63 characters) or Hexadecimal format

(length is 64). All wireless clients must be configured with the same key to

communicate with the VAP interface.

-

WPA2

: The WPA Enterprise mode uses IEEE 802.1X as its basic framework for

user authentication and dynamic key management. IEEE 802.1X access

security uses Extensible Authentication Protocol (EAP) and requires a

configured RADIUS authentication server to be accessible in the enterprise

network. If you select WPA or WPA2 Enterprise mode, be sure to configure the

RADIUS settings. See “RADIUS” on page 5-34 for more information.