Chapter 7 Wireless LAN

AMG1302/AMG1202-TSeries User’s Guide

96

Click

Network Setting

>

Wireless

to display the

General

screen. Select

More Secure

as the

security level. Then select

WPA-PSK

or

WPA2-PSK

from the

Security Mode

list.

Figure 29

Wireless > General: More Secure: WPA(2)-PSK

The following table describes the wireless LAN security labels in this screen.

7.2.4

WPA(2) Authentication

The WPA2 security mode is currently the most robust form of encryption for wireless networks. It

requires a RADIUS server to authenticate user credentials and is a full implementation the security

protocol. Use this security option for maximum protection of your network. However, it is the least

backwards compatible with older devices.

Table 18

Wireless > General: More Secure: WPA(2)-PSK

LABEL

DESCRIPTION

Security Level

Select

More Secure

to enable WPA(2)-PSK data encryption.

Security Mode

Select

WPA-PSK

or

WPA2-PSK

from the drop-down list box.

Pre-Shared Key

The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only

difference between the two is that WPA(2)-PSK uses a simple common password,

instead of user-specific credentials.

Type a pre-shared key from 8 to 63 case-sensitive keyboard characters.

more.../hide more

Click

more...

to show more fields in this section. Click

hide more

to hide them.

WPA-PSK Compatible

This field appears when you choose

WPA-PSK2

as the

Security Mode

.

Select

Enable

to allow wireless devices using

WPA-PSK

security mode to connect to

your AMG1302/AMG1202-TSeries. The AMG1302/AMG1202-TSeries supports WPA-PSK

and WPA2-PSK simultaneously. Otherwise, select

Disable

.

Group Key Update

Timer

The

Group Key Update Timer

is the rate at which the RADIUS

server sends a new

group key out to all clients.

Encryption

This field displays the encryption type for data encryption.

If you choose

WPA-PSK

as the security mode, the AMG1302/AMG1202-TSeries uses

TKIP

for data encryption.

If you choose

WPA2-PSK

as the security mode and enable WPA-PSK Compatible, the

AMG1302/AMG1202-TSeries uses either TKIP and AES (

TKIPAES MIX

) for data

encryption.

If you choose

WPA2-PSK

as the security mode but disable WPA-PSK Compatible, the

AMG1302/AMG1202-TSeries uses

AES

for data encryption.

Chapter 7 Wireless LAN

AMG1302/AMG1202-TSeries User’s Guide

97

The WPA security mode is a security subset of WPA2. It requires the presence of a RADIUS server

on your network in order to validate user credentials. This encryption standard is slightly older than

WPA2 and therefore is more compatible with older devices.

Click

Network Setting

>

Wireless

to display the

General

screen. Select

More Secure

as the

security level. Then select

WPA

or

WPA2

from the

Security Mode

list.

Figure 30

Wireless > General: More Secure: WPA(2)

The following table describes the labels in this screen.

Table 19

Wireless > General: More Secure: WPA(2)

LABEL

DESCRIPTION

Security Level

Select

More Secure

to enable WPA(2) data encryption.

Security Mode

Choose

WPA

or

WPA2

from the drop-down list box.

Authentication Server

IP Address

Enter the IP address of the external authentication server in dotted decimal notation.

Port Number

Enter the port number of the external authentication server.

You need not change this value unless your network administrator instructs you to do

so with additional information.

Shared Secret

Enter a password (up to 31 alphanumeric characters) as the key to be shared between

the external authentication server and the AMG1302/AMG1202-TSeries.

The key must be the same on the external authentication server and your AMG1302/

AMG1202-TSeries. The key is not sent over the network.

more.../hide more

Click

more...

to show more fields in this section. Click

hide more

to hide them.

ReAuthentication

Timer

Enter how often the external authentication server requires a connected wireless client

to reauthenticate itself to the server again.

Network Re-auth

Interval

Specify how often wireless stations have to resend user names and passwords in order

to stay connected.

This field is available only when you select

WPA2

as security mode. If wireless station

authentication is done using a RADIUS server, the reauthentication timer on the

RADIUS server has priority.

WPA Compatible

This field is only available for WPA2. Select this if you want the AMG1302/AMG1202-

TSeries to support WPA and WPA2 simultaneously.

Chapter 7 Wireless LAN

AMG1302/AMG1202-TSeries User’s Guide

98

7.3

The More AP Screen

This screen allows you to enable and configure multiple Basic Service Sets (BSSs) on the AMG1302/

AMG1202-TSeries.

Click

Network Setting > Wireless

>

More AP

. The following screen displays.

Figure 31

Network Setting > Wireless > More AP

The following table describes the labels in this screen.

7.3.1

More AP Edit

Use this screen to edit an SSID profile. Click the

Edit

icon next to an SSID in the

More AP

screen.

The following screen displays.

Group Key Update

Timer

The

Group Key Update Timer

is the rate at which the RADIUS

server sends a new

group key out to all clients.

Encryption

Select the encryption type for data encryption.

If you choose

WPA

as the security mode, the AMG1302/AMG1202-TSeries uses

TKIP

for data encryption.

If you choose

WPA2

as the security mode and enable WPA-PSK Compatible, the

AMG1302/AMG1202-TSeries uses either TKIP and AES (

TKIPAES MIX

) for data

encryption.

If you choose

WPA2

as the security mode but disable WPA-PSK Compatible, the

AMG1302/AMG1202-TSeries uses

AES

for data encryption.

Table 19

Wireless > General: More Secure: WPA(2) (continued)

LABEL

DESCRIPTION

Table 20

Network Setting > Wireless > More AP

LABEL

DESCRIPTION

#

This is the index number of each SSID profile.

Active

This field indicates whether this SSID is active. A yellow bulb signifies that this SSID is active. A

gray bulb signifies that this SSID is not active.

SSID

An SSID profile is the set of parameters relating to one of the AMG1302/AMG1202-TSeries’s BSSs.

The SSID (Service Set IDentifier) identifies the Service Set with which a wireless device is

associated.

This field displays the name of the wireless profile on the network. When a wireless client scans for

an AP to associate with, this is the name that is broadcast and seen in the wireless client utility.

Security

This field indicates the security mode of the SSID profile.

Modify

Click the

Edit

icon to configure the SSID profile.

Chapter 7 Wireless LAN

AMG1302/AMG1202-TSeries User’s Guide

99

Figure 32

More AP: Edit

The following table describes the fields in this screen.

Table 21

More AP: Edit

LABEL

DESCRIPTION

Wireless Network Setup

Wireless

Select

Enable Wireless LAN

to activate wireless LAN.

Wireless Network Settings

Wireless Network Name

(SSID)

The SSID (Service Set IDentity) identifies the service set with which a wireless

device is associated. Wireless devices associating to the access point (AP) must

have the same SSID.

Enter a descriptive name (up to 32 English keyboard characters) for the wireless

LAN.

Hide SSID

Select this check box to hide the SSID in the outgoing beacon frame so a station

cannot obtain the SSID through scanning using a site survey tool.

Client Isolation

Select this to keep the wireless clients in this SSID from communicating with each

other through the AMG1302/AMG1202-TSeries.

MBSSID/LAN Isolation

Select this to keep the wireless clients in this SSID from communicating with clients

in other SSIDs or wired LAN devices through the AMG1302/AMG1202-TSeries.

Select both

Client Isolation

and

MBSSID/LAN Isolation

to allow this SSID’s

wireless clients to only connect to the Internet through the AMG1302/AMG1202-

TSeries.

Security Level

Chapter 7 Wireless LAN

AMG1302/AMG1202-TSeries User’s Guide

100

7.4

The MAC Authentication Screen

This screen allows you to configure the AMG1302/AMG1202-TSeries to give exclusive access to

specific devices

(Allow)

or exclude specific devices from accessing the AMG1302/AMG1202-

TSeries

(Deny)

. Every Ethernet device has a unique MAC (Media Access Control) address. The MAC

address is assigned at the factory and consists of six pairs of hexadecimal characters, for example,

00:A0:C5:00:00:02. You need to know the MAC addresses of the devices to configure this screen.

Use this screen to view your AMG1302/AMG1202-TSeries’s MAC filter settings and add new MAC

filter rules. Click

Network Setting

>

Wireless > MAC Authentication

. The screen appears as

shown.

Figure 33

Network Setting > Wireless > MAC Authentication

The following table describes the labels in this screen.

Security Mode

Select

Basic (WEP)

or

More Secure (WPA(2)-PSK, WPA(2))

to add security on

this wireless network. The wireless clients which want to associate to this network

must have same wireless security settings as the AMG1302/AMG1202-TSeries.

After you select to use a security, additional options appears in this screen.

Or you can select

No Security

to allow any client to associate this network without

any data encryption or authentication.

OK

Click

OK

to save your changes.

Cancel

Click

Cancel

to exit this screen without saving.

Table 21

More AP: Edit

LABEL

DESCRIPTION

Table 22

Network Setting > Wireless > MAC Authentication

LABEL

DESCRIPTION

SSID

Select the SSID for which you want to configure MAC filter settings.

MAC List

Define the filter action for the list of MAC addresses in the

MAC Address

table.

Select

Disable

to turn off MAC filtering.

Select

Allow

to permit access to the AMG1302/AMG1202-TSeries. MAC addresses not listed

will be denied access to the AMG1302/AMG1202-TSeries.

Select

Deny

to block access to the AMG1302/AMG1202-TSeries. MAC addresses not listed

will be allowed to access the AMG1302/AMG1202-TSeries.