Mitel Deutschland GmbH 68635RFP36U-01 ユーザーズマニュアル
Configuration and Administration
275
802.11i: WPA2-Enterprise Pre-Authentication for fast Roaming
WLAN stations (e.g. laptop) which decide to roam to another WLAN access point (AP) must perform the
full authentication process with the new AP. In 802.1X (RADIUS) networks this can take a long time
resulting in network dropouts during the roam.
WLAN stations (e.g. laptop) which decide to roam to another WLAN access point (AP) must perform the
full authentication process with the new AP. In 802.1X (RADIUS) networks this can take a long time
resulting in network dropouts during the roam.
The AP share authentication information with other APs, so the station can authenticate faster (pre-auth)
when roaming to a new AP. This method reduces network dropouts significantly.
when roaming to a new AP. This method reduces network dropouts significantly.
The RFP43 automatically enables pre-authentication for WPA-Enterprise enabled WLANs.
The RFP42
does not support this feature.
Channel Configuration Feedback for HT40 and Transmit Power
The HT40 channel configuration in 802.11n enabled networks may not always become active because of
other access points that use channels that would overlap. In this case, the RFP43 will fall back to HT20.
The HT40 channel configuration in 802.11n enabled networks may not always become active because of
other access points that use channels that would overlap. In this case, the RFP43 will fall back to HT20.
The effective channel configuration and the transmit power are reported to the OpenMobility Manager.
Users can inspect these parameters using the WEB interface and the OMP and may change the channel
to a frequency without overlapping APs.
to a frequency without overlapping APs.
7.18.3 SECURING THE WLAN
In order to ensure that communication in the WLAN network is secure, several measures must be taken.
Firstly, data packets transmitted via the openly visible radio interface must be encrypted, and secondly,
all WLAN components that provide services must authenticate themselves.
Firstly, data packets transmitted via the openly visible radio interface must be encrypted, and secondly,
all WLAN components that provide services must authenticate themselves.
There are different encryption methods available that you configure within the WLAN profile (see section
5.8.1). However, only the recent WiFi protected access (WPA) encryption offers sufficient security
against possible intruders. You should not use the (older) WEP encryption for your company LAN.
5.8.1). However, only the recent WiFi protected access (WPA) encryption offers sufficient security
against possible intruders. You should not use the (older) WEP encryption for your company LAN.
Especially with larger WLAN installations, the single shared secret offered by WPA-personal may not be
sufficient for your security requirements, because any person that connects to the WLAN needs to know
the same shared secret. For this reason, you should also setup RADIUS authentication that is supported
by all RFP 42 WLAN and RFP 43 WLAN devices.
sufficient for your security requirements, because any person that connects to the WLAN needs to know
the same shared secret. For this reason, you should also setup RADIUS authentication that is supported
by all RFP 42 WLAN and RFP 43 WLAN devices.
A Radius Server (Remote Authentication Dial In User Service) handles 802.1x Authentication, thus
authorizing different WLAN clients with an individual username / password combination to log in. We
recommend a Radius Server with EAP-TLS (e.g. FreeRadius or MS Windows 2003 IAS Server) and a
Certificate Authority (CA).
authorizing different WLAN clients with an individual username / password combination to log in. We
recommend a Radius Server with EAP-TLS (e.g. FreeRadius or MS Windows 2003 IAS Server) and a
Certificate Authority (CA).
The RADIUS authentication takes place between the RADIUS server and the RADIUS client, with the
WLAN RFP to pass-through this communication. You should refer to the documentation that comes with
your RADIUS product for details on how to setup, maintain and operate the RADIUS system.
WLAN RFP to pass-through this communication. You should refer to the documentation that comes with
your RADIUS product for details on how to setup, maintain and operate the RADIUS system.