You can manage multiple WLANs on one security device. To distinguish one WLAN from another, you create a service set identifier (SSID), which identifies the WLAN. The settings for authentication and encryption are specific to each SSID. This flexibility allows you to apply differing levels of security as appropriate to the resources in each WLAN.
Enter a name for the SSID.
SSID: Enter a unique name up to 32 characters long to be used as the WLAN identifier. For security purposes, use a mix of upper- and lowercase letters, numbers, and symbols. Also, do not give the SSID a meaningful name that an attacker might use, such as the department or location of the security device.
Select one of the following WEP Based Authentication and Encryption Methods:
Open: Specifies that no authentication is performed. The wireless client supplies the correct SSID to be connected to the wireless network. You can specify the following encryption options:
No Encryption: Specifies that no encryption is performed.
WEP Encryption: Specifies that WEP encryption is used. If you select this option, you must choose where to store the WEP key.
Key Source: Select one of the following:
Local: Indicates the WEP key is stored on the security device. This is the default. If you select this option, you must configure a WEP key. For more information, see WEP Key.
Server: Indicates the WEP key is dynamically generated by the specified RADIUS server.
Both: Key is stored locally and on the RADIUS server. If you select this option, you must configure a default WEP key. For more information, see WEP Key.
Auth Server: Indicates that the WEP key is stored on an authentication server.
WEP Shared Key: Enables shared key authentication. This option requires a locally stored WEP key. For more information, see WEP Key.
Auto: Specifies that the security device accepts both open encryption with Wired Equivalent Privacy (WEP) or shared-key authentication.
Select one of the following WPA Based Authentication and Encryption Methods from each of the dropdown menus:
WPA Pre-Shared Key, WPA2 Pre-Shared Key, WPA Auto Pre-Shared Key: Allows you to configure a pre-shared key that is stored locally and on all wireless clients.
After selecting a key location, configure key information with the following information:
HEX Key: The key must be a 256-bit (64 characters) hexadecimal value. Enter the same key in the Confirm Hex Key field.
Key by Password: The password should contain 8-63 ASCII characters. Enter the same password in the Confirm Key by Password field.
Rekey Interval: Sets the group key update interval, which can range from 30-4294967295 seconds. The default value is 1800 seconds. You can also specify 0 if you are not using key updates.
Encryption Type:Specifies the encryption used between the device and wireless clients in the subnetwork. You can specify the following options:
Auto: Specifies either Advanced Encryption Standard (AES) or Temporal Key Integrity Protocol (TKIP) encryption.
TKIP: Specifies TKIP.
AES: Specifies AES.
WPA, WPA2, WPA Auto: Enables Wi-Fi Protected Access (WPA) authentication with an authentication server. If you enable WPA, WPA2, or WPA Auto authentication, you must also configure the authentication server.
After selecting an authentication method, enter authentication server information with the following:
Rekey Interval: Sets the group key update interval, which can range from 30-4294967295 seconds. The default value is 1800 seconds. You can also specify 0 to disable key updates.
Encryption Type:Specifies the encryption used between the device and wireless clients in the subnetwork. You can specify the following options:
Auto: Specifies either AES or TKIP encryption.
TKIP: Specifies temporal key integrity protocol (TKIP).
AES: Specifies American Encryption Standard (AES).
Set other options:
Wireless Interface Binding: Binds the SSID to a wireless interface. From the list of interfaces, select the interface to which you want to bind this SSID.
Disable SSID Broadcast: Select this option to disable the broadcasting of SSIDs in beacons that are advertised by the security device. If SSID broadcasting is disabled, only wireless clients that know of the SSID are able to associate. By default, SSIDs are broadcast in beacons.
SSID Client Isolation: Select this option to prohibit wireless clients in the same subnet from communicating directly with each other and bypassing the security device firewall services.
Click OK to save your configuration.
Enter a name for the SSID.
SSID: Enter a unique name up to 32 characters long to be used as the WLAN identifier. For security purposes, use a mix of upper- and lowercase letters, numbers, and symbols. Also, do not give the SSID a meaningful name that an attacker might use, such as the department or location of the security device.
Select one of the following WEP Based Authentication and Encryption Methods:
Open: Specifies that no authentication is performed. The wireless client supplies the correct SSID to be connected to the wireless network. You can specify the following encryption options:
No Encryption: Specifies that no encryption is performed.
WEP Encryption: Specifies that WEP encryption is used.
If you select this option, you can specify that the WEP key is stored locally on the device by creating a WEP key. For more information, see WEP Key.
If you want WEP keys to be generated by a RADIUS server, go to step 4.
WEP Shared Key: Enables shared key authentication. This option requires a locally stored WEP key. For more information, see WEP Key.
Auto: Specifies that the security device accepts both open encryption with Wired Equivalent Privacy (WEP) or shared-key authentication.
Select one of the following WPA Based Authentication and Encryption Methods from each of the dropdown menus:
WPA Pre-Shared Key, WPA2 Pre-Shared Key, WPA Auto Pre-Shared Key: Allows you to configure a pre-shared key that is stored locally and on all wireless clients.
After selecting an authentication method, configure key information with the following information:
HEX Key: The key must be a 256-bit (64 characters) hexadecimal value. Enter the same key in the Confirm Hex Key field.
Key by Password: The password should contain 8-63 ASCII characters. Enter the same password in the Confirm Key by Password field.
Rekey Interval: Sets the group key update interval, which can range from 30-42949672 seconds. The default value is 1800 seconds. You can also specify 0 if you are not using key updates.
Encryption Type:Specifies the encryption used between the device and wireless clients in the subnetwork. You can specify the following options:
Auto: Specifies Advanced Encryption Standard (AES) or Temporal Key Integrity Protocol (TKIP) encryption.
TKIP: Specifies TKIP.
AES: Specifies AES.
WPA, WPA2, WPA Auto: Enables Wi-Fi Protected Access (WPA) authentication with an authentication server. If you enable WPA, WPA2, WPA Auto authentication, you must also configure the authentication server.
After selecting an authentication method, enter authentication server information with the following:
Rekey Interval: Sets the group key update interval, which can range from 30-42949672 seconds. The default value is 1800 seconds. You can also specify 0 to disable key updates.
Encryption Type:Specifies the encryption used between the device and wireless clients in the subnetwork. You can specify the following options:
Auto: Specifies AES or TKIP encryption.
TKIP: Specifies Temporal Key Integrity Protocol (TKIP).
AES: Specifies American Encryption Standard (AES).
802.1X
Based Authentication and Encryption Methods:
To use 802.1X-based authentication and encryption, select 802.1X,
select an existing authentication server from the dropdown list. To define
a new authentication server, click Create
new Auth Server.
Note:If you enable
802.1X authentication, you must also configure the authentication server.
Set other options:
Wireless Interface Binding: Binds the SSID to a wireless interface. From the list of interfaces, select the interface to which you want to bind this SSID.
Disable SSID Broadcast: Select this option to disable the broadcasting of SSIDs in beacons that are advertised by the security device. If SSID broadcasting is disabled, only wireless clients that know of the SSID are able to associate. By default, SSIDs are broadcast in beacons.
SSID Client Isolation: Select this option to prohibit wireless clients in the same subnet from communicating directly with each other and bypassing the security device firewall services.
Click OK to save your configuration.