Allied Telesis AT-WA7501 User Manual
Page 174
 
Chapter 6: Configuring Security
174
7. Implement one of these mutually-exclusive security solutions (on each
service set) to ensure secure communications between the access 
points and wireless end devices in your network:
Use basic WEP 64/128/152 security. You can configure up to four 
different WEP keys on the access point and most wireless end 
devices, and then you specify which key is being used to encrypt data. 
You should periodically change which WEP key these devices use. 
802.11g and 802.11b radios support WEP 64/128 security, and 
802.11a radios support 64/128/152 security. For help, see “Configuring 
WEP 64/128/152 Security” on page 191.
Use an 802.1x security solution. 802.1x security provides a framework 
to authenticate user traffic to a protected wireless network. Using 
802.1x security provides secure data transmission by creating a 
secure spanning tree and dynamically rotating the WEP keys. You 
configure the access point as an authenticator. For the authentication 
server, you can either use an external RADIUS server or you can use 
the access point’s embedded authentication server (EAS). For help, 
see “Implementing an 802.1x Security Solution” on page 194.
Use Wi-Fi Protected Access (WPA) security. WPA is a strongly 
enhanced, interoperable Wi-Fi security that addresses many of the 
vulnerabilities of Wired Equivalent Privacy (WEP). For help, see 
“Configuring Wi-Fi Protected Access (WPA) Security” on page 201.
For help troubleshooting security, see “Troubleshooting Security” on 
page 260.
When You
Include Multiple
RADIUS Servers
on the RADIUS
Server List
You can use multiple RADIUS servers to act as password servers, to 
support ACLs, and to use in an 802.1x security solution. When you 
configure each of these security solutions, you need to go to the RADIUS 
Server List screen and enter one or more RADIUS servers. 
The access point uses the first RADIUS server (Server 1) in the list as the 
main server. Other servers are simply backup servers. 
If the first RADIUS server responds and the client’s information does 
not appear in that server’s database, the client is blocked. The access 
point does not check the databases on any other RADIUS servers. 
If the first RADIUS server goes down during the operation and a 
RADIUS server lookup needs to occur, the authenticator access point 
will time out looking for the first server. Then, the access point looks for 
the next server in the list. If the authenticator access point finds the 
next server, it stays with that server forever, even if the first server 
comes back. If the backup server goes down, the authenticator access 
point continues looking down the list and eventually wraps around to 
the first server again.