Mojo Networks Inc. SS300AT Manual Do Utilizador
Setting
ȱupȱtheȱServerȱConsoleȱ
SpectraGuard
®
ȱEnterpriseȱInstallationȱGuideȱ
63
¾
Any:
ȱAllowȱAPsȱwithȱanyȱauthenticationȱframeworkȱtoȱconnectȱtoȱtheȱsystemȱ
¾
Select:
ȱSpecifyȱtheȱauthenticationȱframework–PSKȱandȱ802.1xȱ(EAP).ȱTheȱauthenticationȱframeworkȱisȱonlyȱ
applicableȱifȱtheȱtemplateȱsupportsȱWPA/WPA2ȱandȱ802.11iȱprivacyȱ
x
Encryption
ȱProtocolsȱallowsȱyouȱtoȱselectȱtheȱallowedȱencryptionȱprotocolsȱforȱtheȱSSID:ȱ
¾
Any:
ȱAllowȱAPsȱwithȱanyȱencryptionȱprotocolȱforȱthisȱSSIDȱ
¾
Select:
ȱSpecifyȱtheȱencryptionȱprotocols–WEP40,ȱWEP108,ȱTKIP,ȱandȱCCMP.ȱTKIPȱandȱCCMPȱareȱavailableȱonlyȱ
ifȱtheȱtemplateȱsupportsȱWPA/WPA2ȱandȱ802.11iȱprivacyȱ
x
Security
ȱSettingsȱallowsȱyouȱtoȱselectȱtheȱsecurityȱprotocol(s)ȱforȱtheȱSSID:ȱ
¾
Any:
ȱAllowȱAPsȱwithȱanyȱsecurityȱsettingsȱtoȱconnectȱ
¾
Select:
ȱSpecifyȱtheȱprivacyȱmechanism–Open,ȱWEP,ȱWPA,ȱandȱ802.11iȱforȱtheȱAPsȱconnectedȱtoȱtheȱSSIDȱ
x
Cisco
ȱMFPȱallowsȱyouȱtoȱmakeȱclassificationȱdecisionsȱonȱCiscoȱManagementȱFrameȱProtection(MFP)ȱcapabilityȱifȱ
802.11i
ȱcheckboxȱisȱselectedȱunderȱSecurityȱSettings:ȱ
¾
Any:ȱPolicyȱdoesȱnotȱcheckȱforȱMFP;ȱbothȱCiscoȱMFPȱenabledȱandȱdisabledȱAPsȱareȱclassifiedȱasȱAuthorizedȱ
¾
Select:ȱPolicyȱchecksȱforȱMFPȱ
Cisco
ȱMFPȱEnabled:ȱSelectȱtoȱclassifyȱonlyȱCiscoȱMFPȱsupportingȱAPsȱasȱAuthorizedȱAPsȱ
Cisco
ȱMFPȱDisabled:ȱSelectȱtoȱclassifyȱnonȬCiscoȱMFPȱsupportingȱAPsȱasȱAuthorizedȱAPsȱ
x
AP
ȱCapabilitiesȱallowsȱyouȱtoȱselectȱtheȱadditionalȱcapabilitiesȱthatȱAuthorizedȱAPsȱmayȱhave.ȱIfȱyouȱselectȱanyȱofȱ
theseȱadvancedȱcapabilities,ȱtheȱclassificationȱlogicȱallowsȱAPsȱwithȱandȱwithoutȱtheseȱcapabilities.ȱSelectȱoneȱofȱtheȱ
following:ȱ
¾
following:ȱ
¾
Any:
ȱAllowȱAPsȱwithȱanyȱspecialȱcapabilityȱforȱthisȱSSIDȱ
¾
Select:
ȱSpecifyȱifȱtheȱAPȱusesȱanyȱTurbo/SuperȱtechniquesȱusedȱbyȱAtherosȱtoȱgetȱhigherȱthroughputs–Turbo,ȱ
SuperAG,ȱandȱDot11nȱ(802.11n)ȱ
x
Authentication
ȱTypesȱallowsȱyouȱtoȱselectȱtheȱallowedȱauthenticationȱtypesȱthatȱClientsȱcanȱuse.ȱAuthenticationȱ
typesȱdoȱnotȱdetermineȱtheȱclassificationȱofȱAPs,ȱbutȱareȱusedȱtoȱraiseȱanȱeventȱifȱaȱClientȱisȱauthenticatedȱviaȱaȱnonȬ
allowedȱauthenticationȱtype.ȱTheȱsystemȱraisesȱthisȱeventȱonlyȱifȱtheȱsystemȱseesȱauthenticationȱprotocolȱhandshakeȱ
frames.ȱ
¾
allowedȱauthenticationȱtype.ȱTheȱsystemȱraisesȱthisȱeventȱonlyȱifȱtheȱsystemȱseesȱauthenticationȱprotocolȱhandshakeȱ
frames.ȱ
¾
Any:
ȱAllowȱClientsȱwithȱanyȱauthenticationȱtypeȱforȱthisȱSSIDȱ
¾
Select:
ȱSpecifyȱtheȱauthenticationȱtypesȱthatȱClientsȱcanȱuseȱ(onlyȱifȱ802.1xȱisȱselected)–PEAP,ȱEAPȬTLS,ȱLEAP,ȱ
EAPȬTTLS,ȱEAPȬFAST,ȱandȱEAPȬSIMȱSelectionȱisȱallowedȱ
x
Allowed
ȱNetworksȱallowsȱyouȱtoȱselectȱtheȱnetworksȱwhereȱAuthorizedȱAPsȱwithȱthisȱSSIDȱareȱconnected:ȱ
¾
Any:
ȱAllowȱAPsȱwithȱthisȱSSIDȱtoȱconnectȱtoȱanyȱnetworkȱ
¾
Select
ȱNetworks:ȱSpecifyȱtheȱnetworksȱwhereȱAuthorizedȱAPsȱwithȱthisȱSSIDȱareȱconnected.ȱYouȱcanȱeitherȱ
chooseȱfromȱnetworksȱthatȱareȱdiscoveredȱautomaticallyȱbyȱtheȱsystemȱorȱaddȱnewȱnetworksȱthatȱareȱnotȱyetȱ
discoveredȱbyȱtheȱsystemȱ
discoveredȱbyȱtheȱsystemȱ
Clickȱ<SelectȱNetworks>ȱtoȱopenȱAllowedȱNetworksȱforȱSSIDȱdialogȱwhereȱyouȱcanȱmoveȱaȱnetworkȱfromȱ
Networks
Networks
ȱMonitoredȱbyȱtheȱSystemȱtoȱAllowedȱNetworksȱforȱthisȱSSIDȱandȱaddȱorȱdeleteȱnetworks.ȱ
x
UnderȱAllowedȱAPȱVendors,ȱselectȱoneȱofȱtheȱfollowing:ȱ
¾
¾
Any:
ȱAllowȱAPsȱmanufacturedȱbyȱanyȱvendorȱtoȱconnectȱtoȱtheȱsystemȱ
¾
Select
ȱVendors:ȱSelectȱtheȱmanufacturerȱofȱtheȱAPȱwithȱtheȱspecifiedȱSSID.ȱIfȱanȱAPȱwithȱtheȱspecifiedȱSSIDȱisȱ
discoveredȱatȱthisȱlocation,ȱtheȱsystemȱdeclaresȱitȱasȱaȱRogue,ȱunlessȱoneȱofȱtheȱmanufacturersȱlistedȱ
manufacturesȱit.ȱ
manufacturesȱit.ȱ
SSIDȱTemplatesȱ
AȱpolicyȱisȱcollectionȱofȱSSIDȱtemplatesȱattachedȱtoȱthatȱlocation.ȱYouȱcanȱapplyȱanȱSSIDȱtemplateȱfromȱtheȱparentȱorȱcreateȱitȱ
locally;ȱifȱyouȱwishȱtoȱcustomizeȱtheȱWLANȱpolicyȱforȱthatȱlocation.ȱOtherȱtemplatesȱmayȱbeȱavailableȱtoȱbeȱattachedȱbutȱareȱ
notȱpartȱofȱtheȱWLANȱpolicyȱandȱwillȱnotȱbeȱusedȱforȱAPȱclassification.ȱ
AȱpolicyȱisȱcollectionȱofȱSSIDȱtemplatesȱattachedȱtoȱthatȱlocation.ȱYouȱcanȱapplyȱanȱSSIDȱtemplateȱfromȱtheȱparentȱorȱcreateȱitȱ
locally;ȱifȱyouȱwishȱtoȱcustomizeȱtheȱWLANȱpolicyȱforȱthatȱlocation.ȱOtherȱtemplatesȱmayȱbeȱavailableȱtoȱbeȱattachedȱbutȱareȱ
notȱpartȱofȱtheȱWLANȱpolicyȱandȱwillȱnotȱbeȱusedȱforȱAPȱclassification.ȱ
TheȱSSIDȱTemplatesȱsectionȱlistsȱtheȱSSIDȱtemplatesȱthatȱareȱavailableȱatȱaȱparticularȱlocation.ȱYouȱmustȱapplyȱtheȱtemplatesȱ
fromȱtheȱavailableȱlistȱtoȱcreateȱtheȱWLANȱpolicyȱatȱthatȱlocation.ȱAȱnewȱAPȱorȱanȱexistingȱAuthorizedȱAPȱisȱcomparedȱagainstȱ
theȱappliedȱSSIDȱtemplatesȱtoȱdetermineȱifȱitȱisȱaȱRogueȱorȱMisȬconfiguredȱAP.ȱTheȱSSIDȱtemplatesȱcreatedȱatȱotherȱlocationsȱ
canȱbeȱappliedȱtoȱaȱselectedȱlocationȱbutȱcannotȱbeȱeditedȱorȱdeleted.ȱTheȱeditȱandȱdeleteȱoperationsȱareȱpossibleȱonlyȱatȱtheȱ
locationȱwhereȱtheȱtemplateȱisȱcreated.ȱTheȱtableȱshowsȱtheȱfollowingȱdetails:ȱ
fromȱtheȱavailableȱlistȱtoȱcreateȱtheȱWLANȱpolicyȱatȱthatȱlocation.ȱAȱnewȱAPȱorȱanȱexistingȱAuthorizedȱAPȱisȱcomparedȱagainstȱ
theȱappliedȱSSIDȱtemplatesȱtoȱdetermineȱifȱitȱisȱaȱRogueȱorȱMisȬconfiguredȱAP.ȱTheȱSSIDȱtemplatesȱcreatedȱatȱotherȱlocationsȱ
canȱbeȱappliedȱtoȱaȱselectedȱlocationȱbutȱcannotȱbeȱeditedȱorȱdeleted.ȱTheȱeditȱandȱdeleteȱoperationsȱareȱpossibleȱonlyȱatȱtheȱ
locationȱwhereȱtheȱtemplateȱisȱcreated.ȱTheȱtableȱshowsȱtheȱfollowingȱdetails:ȱ