Enabling authentication and encryption schemes – Brocade Mobility 5181 Access Point Product Reference Guide (Supporting software release 4.4.0.0) User Manual

Brocade Mobility 5181 Access Point Product Reference Guide

53-1002516-01

Enabling authentication and encryption schemes

To complement the built-in firewall filters on the WAN side of the Mobility 5181 Access Point, the
WLAN side of the Mobility 5181 Access Point supports authentication and encryption schemes.
Authentication is a challenge-response procedure for validating user credentials such as
username, password, and sometimes secret-key information. The Mobility 5181 Access Point
provides two schemes for authenticating users: 802.1x EAP and Kerberos.

Encryption applies a specific algorithm to data to alter its appearance and prevent unauthorized
reading. Decryption applies the algorithm in reverse to restore the data to its original form. Sender
and receiver must employ the same encryption/decryption method to interoperate.

Wired Equivalent Privacy (WEP) is available in two encryption modes: 40 bit (also called WEP 64)
and 104 bit (also called WEP 128). The 104-bit encryption mode uses a longer key
(better security) that takes longer to decode (hack) than the 40-bit encryption mode.

Each WLAN (16 WLANs available in total to a Mobility 5181 Access Point regardless of the model)
can have a separate security policy. However, more than one WLAN can use the same security
policy. Therefore, to avoid confusion, do not give security policies the same names as WLANs.
Once security policies have been created, they are selectable within the Security field of each
WLAN screen. If the existing default security policy does not satisfy the data protection
requirements of a specific WLAN, a new security policy (using the authentication and encryption
schemes discussed above) can be created.

To enable an existing WLAN security policy or create a new policy:

1. Select Network Configuration -> Wireless -> Security from the Mobility 5181 Access Point menu tree.

The Security Configuration screen displays.

2. If a new security policy is required, click the Create button.

The New Security Policy screen displays with the Manually Pre-shared key/No authentication
and No Encryption options selected. Naming and saving such a policy (as is) would provide no
security and might only make sense in a guest network wherein no sensitive data is either
transmitted or received.

However, selecting any other authentication or encryption checkbox displays a configuration
field for the selected security scheme within the New Security Policy screen.

NOTE

An existing security policy can be edited from the Security Configuration screen by selecting an
existing policy and clicking the Edit button. Use the Edit Security Policy screen to edit the policy.
For more information on editing an existing security policy, refer to the security configuration
sections described in steps 4 and 5.

3. Use the Name field to define a logical security policy name.

Remember, multiple WLANs can share the same security policy, so be careful not to name
security policies after specific WLANs or risk defining a WLAN to a single policy. Brocade
recommends naming the policy after the attributes of the authentication or encryption type
selected (for example, WPA2 Allow TKIP).

4. Enable and configure an Authentication option if necessary for the target security policy.
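
The policy rules above (at most 16 WLANs, shared policies, policy names that do not match WLAN names, and the no-authentication/no-encryption default being suitable only for guest networks) can be checked against an inventory. The following is an added example, not code from the guide or from Brocade; the data model, field names and sample WLANs are constructed assumptions and do not reflect any export format of the access point.

```python
# Added example: audit a WLAN / security-policy inventory against the guide's rules.
# Field names ("auth", "encryption", "guest") are assumptions for illustration.
from collections import defaultdict

MAX_WLANS = 16  # per the guide: 16 WLANs available in total per access point

# Constructed sample inventory (hypothetical names and settings).
POLICIES = {
    "Default": {"auth": "none", "encryption": "none"},
    "WPA2 Allow TKIP": {"auth": "802.1x EAP", "encryption": "WPA2"},
    "Engineering": {"auth": "Kerberos", "encryption": "WEP 128"},
}
WLANS = [
    {"name": "Guest", "policy": "Default", "guest": True},
    {"name": "Engineering", "policy": "Engineering", "guest": False},
    {"name": "Finance", "policy": "WPA2 Allow TKIP", "guest": False},
    {"name": "Warehouse", "policy": "Default", "guest": False},
    {"name": "Lab", "policy": "Missing Policy", "guest": False},
]

def policy_usage(wlans):
    """Map each policy name to the WLANs that reference it (policies may be shared)."""
    usage = defaultdict(list)
    for w in wlans:
        usage[w["policy"]].append(w["name"])
    return dict(usage)

def audit(wlans, policies):
    """Return a sorted list of (finding_code, subject) tuples."""
    findings = set()
    if len(wlans) > MAX_WLANS:
        findings.add(("TOO_MANY_WLANS", str(len(wlans))))
    for w in wlans:
        policy = policies.get(w["policy"])
        if policy is None:  # WLAN references a policy that was never created
            findings.add(("UNKNOWN_POLICY", w["name"]))
        elif (policy["auth"], policy["encryption"]) == ("none", "none") and not w["guest"]:
            # The as-is default provides no security; acceptable only for guest WLANs.
            findings.add(("OPEN_NON_GUEST", w["name"]))
    wlan_names = {w["name"].lower() for w in wlans}
    for name in policies:
        if name.lower() in wlan_names:  # policy named after a specific WLAN
            findings.add(("NAME_COLLISION", name))
    return sorted(findings)

if __name__ == "__main__":
    for code, subject in audit(WLANS, POLICIES):
        print(f"{code:16} {subject}")
```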