Cisco Wap4410n Wirelessn Manual
Have a look at the manual Cisco Wap4410n Wirelessn Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Configuring the Cisco WAP4410N Wireless-N Access Point Wirele ss WAP4410N Wireless-N Access Point with Power Over Internet Administration Guide 31 6 Configuring WPA-Personal Wi-Fi Protected Access (WPA) Personal (WPA-Personal) is a security standard stronger than WEP encryption and forward compatible with IEEE 802.11e. WPA- Personal is also known as WPA-PSK. To enable wireless WPA-Personal security, follow these steps: STEP 1Click Wireless > Security. STEP 2From the Security Mode drop-down menu, select WPA-Personal. STEP 3To enable wireless isolation within the SSID, click Enabled. STEP 4Provide the following information: •WPA Algorithms—WPA offers you two encryption methods, TKIP and AES for data encryption. Select the type of algorithm you want to use, TKIP or AES. The default is TKIP. •Pre-Shared Key—Enter a WPA Shared Key of 8–63 characters. •Key Renewal— Enter a key renewal timeout period, which instructs the access point how often it should change the encryption keys. The default is 3600 seconds. STEP 5Click Save. Configuring WPA2-Personal Security This security mode supports the WPA2-Personal protocol. To enable wireless WPA2-Personal security, follow these steps: STEP 1Click Wireless > Security. STEP 2From the Security Mode drop-down menu, select WPA2-Personal. STEP 3To enable wireless isolation within the SSID, click Enabled. STEP 4Provide the following information: •WPA Algorithms—(Read-only) WPA2-Personal automatically chooses AES for data encryption. •Pre-Shared Key—Enter a WPA Shared Key of 8–63 characters.
Configuring the Cisco WAP4410N Wireless-N Access Point Wirele ss WAP4410N Wireless-N Access Point with Power Over Internet Administration Guide 32 6 •Key Renewal—Enter a key renewal timeout period, which instructs the access point how often it should change the encryption keys. The default is 3600 seconds. STEP 5Click Save. Configuring WPA2-Personal Mixed This security mode supports the transition from WPA-Personal to WPA2-Personal. You can have client devices that use either WPA-Personal or WPA2-Personal. The access point will automatically choose the encryption algorithm used by each client device. To enable wireless WPA2-Personal Mixed security, follow these steps: STEP 1Click Wireless > Security. STEP 2From the Security Mode drop-down menu, select WPA2-Personal Mixed. STEP 3To enable wireless isolation within the SSID, click Enabled. STEP 4Provide the following information: •WPA Algorithms—(Read-only) The WPA2-Personal Mixed security mode automatically chooses TKIP or AES for data encryption. •Pre-Shared Key—Enter a WPA Shared Key of 8–63 characters. •Key Renewal—Enter a key renewal timeout period, which instructs the access point how often it should change the encryption keys. The default is 3600 seconds. STEP 5Click Save.
Configuring the Cisco WAP4410N Wireless-N Access Point Wirele ss WAP4410N Wireless-N Access Point with Power Over Internet Administration Guide 33 6 Configuring WPA-Enterprise The WPA-Enterprise mode features WPA used in coordination with a RADIUS server for client authentication. ! CAUTIONUse this mode only when a RADIUS server is connected to the access point. To enable wireless WPA-Enterprise security, follow these steps: STEP 1Click Wireless > Security. STEP 2From the Security Mode drop-down menu, select WPA-Enterprise. STEP 3To enable wireless isolation within the SSID, click Enabled. STEP 4Provide the following information: •Primary/Backup RADIUS Server—Enter the IP address of the RADIUS server. The Backup Radius server is used only if the primary server is unavailable. •Primary/Backup RADIUS Server Port—Enter the port number used by the RADIUS server. The default is 1812. The backup Radius server is used only if the primary server is unavailable. •Primary/Backup Shared Secret—Enter the Shared Secret key used by the access point and RADIUS server. The backup Radius server is used only if the primary server is unavailable. •WPA Algorithms—WPA offers two encryption methods, TKIP and AES for data encryption. Select one of these algorithms from the drop-down menu. The default is TKIP. •Key Renewal Timeout—Enter a key renewal timeout period, which instructs the access point how often it should change the encryption keys. The default is 3600 seconds. STEP 5Click Save.
Configuring the Cisco WAP4410N Wireless-N Access Point Wirele ss WAP4410N Wireless-N Access Point with Power Over Internet Administration Guide 34 6 Configuring WPA2-Enterprise The WPA2-Enterprise mode features WPA2 used in coordination with a RADIUS server for client authentication. ! CAUTIONUse this mode only when a RADIUS server is connected to the access point. To enable wireless WPA2-Enterprise security, follow these steps: STEP 1Click Wireless > Security. STEP 2From the Security Mode drop-down menu, select WPA2-Enterprise. STEP 3To enable wireless isolation within the SSID, click Enabled. STEP 4Provide the following information: •Primary/Backup RADIUS Server—Enter the IP address of the RADIUS server. The Backup Radius server is used only if the primary server is unavailable. •Primary/Backup RADIUS Server Port—Enter the port number used by the RADIUS server. The default is 1812. The backup Radius server is used only if the primary server is unavailable. •Primary/Backup Shared Secret—Enter the Shared Secret key used by the access point and RADIUS server. The backup Radius server is used only if the primary server is unavailable. •WPA Algorithms—WPA2 always uses AES for data encryption. •Key Renewal Timeout—Enter a key renewal timeout period, which instructs the access point how often it should change the encryption keys. The default is 3600 seconds. STEP 5Click Save.
Configuring the Cisco WAP4410N Wireless-N Access Point Wirele ss WAP4410N Wireless-N Access Point with Power Over Internet Administration Guide 35 6 Configuring WPA2-Enterprise Mixed This security mode supports the transition from WPA-Enterprise to WPA2- Enterprise. You can have client devices that use either WPA-Enterprise or WPA2- Enterprise. The access point will automatically choose the encryption algorithm used by each client device. ! CAUTIONUse this mode only when a RADIUS server is connected to the access point. To enable wireless WPA2-Enterprise Mixed security, follow these steps: STEP 1Click Wireless > Security. STEP 2From the Security Mode drop-down menu, select WPA2-Enterprise Mixed. STEP 3To enable wireless isolation within the SSID, click Enabled. STEP 4Provide the following information: •Primary/Backup RADIUS Server—Enter the IP address of the RADIUS server. The Backup Radius server is used only if the primary server is unavailable. •Primary/Backup RADIUS Server Port—Enter the port number used by the RADIUS server. The default is 1812. The backup Radius server is used only if the primary server is unavailable. •Primary/Backup Shared Secret—Enter the Shared Secret key used by the access point and RADIUS server. The backup Radius server is used only if the primary server is unavailable. •WPA Algorithms—WPA offers you two encryption methods, TKIP and AES for data encryption. Select one of these algorithms. The default is TKIP. •Key Renewal Timeout—Enter a key renewal timeout period, which instructs the access point how often it should change the encryption keys. The default is 3600 seconds. STEP 5Click Save.
Configuring the Cisco WAP4410N Wireless-N Access Point Wirele ss WAP4410N Wireless-N Access Point with Power Over Internet Administration Guide 36 6 Configuring RADIUS This option features a RADIUS server for client authentication. ! CAUTION Use this mode only when a RADIUS server is connected to the access point. To enable wireless Remote Authentication Dial-In User Service (RADIUS) security, follow these steps: STEP 1Click Wireless > Security. STEP 2From the Security Mode drop-down menu, select RADIUS. STEP 3To enable wireless isolation within the SSID, click Enabled. STEP 4Provide the following information: •Primary/Backup RADIUS Server—Enter the IP address of the RADIUS server. The Backup Radius server is used only if the primary server is unavailable. •Primary/Backup RADIUS Server Port—Enter the port number used by the RADIUS server. The default is 1812. The backup Radius server is used only if the primary server is unavailable. •Primary/Backup Shared Secret—Enter the Shared Secret key used by the access point and RADIUS server. The backup Radius server is used only if the primary server is unavailable. STEP 5Click Save. Configuring WEP This security mode is defined in the original IEEE 802.11. This mode is not recommended now due to its weak security protection. For better security, migrate to WPA or WPA2.
Configuring the Cisco WAP4410N Wireless-N Access Point Wirele ss WAP4410N Wireless-N Access Point with Power Over Internet Administration Guide 37 6 To enable wireless Wired Equivalent Privacy (WEP) security, follow these steps: STEP 1Click Wireless > Security. STEP 2From the Security Mode drop-down menu, select WEP. STEP 3To enable wireless isolation within the SSID, click Enabled. STEP 4Provide the following information: •Authentication Type—Choose Open System or Shared Key as the 802.11 authentication type. The default is Open System. •Default Transmit Key—Select the key to be used for data encryption. •WEP Encryption—Select a level of WEP encryption, 64 bits (10 hex digits) or 128 bits (26 hex digits). •Passphrase—To generate WEP keys using a passphrase, then enter the passphrase in the Passphrase field and click Generate. The auto-generated keys are not as strong as manual WEP keys. •Key 1-4—To manually create WEP keys, enter these keys in the Key 1, Key 2, Key 3, and Key 4 fields. Each WEP key can consist of the letters “A” through “F” and the numbers “0” through “9.”. A key should be 10 characters in length for 64-bit encryption or 26 characters in length for 128-bit encryption. STEP 5Click Save. Connection Control The Wireless > Connection Control page is used to exclude or allow only listed client stations to authenticate with the access point. Depending on how the WAP is configured, the WAP device may refer to a MAC filter list stored on an external RADlUS server, or may refer a MAC filter list stored locally on the WAP device. Enabling Local Connection Control To refer to a MAC filter list stored locally, follow these steps: STEP 1Click Wireless > Connection Control. STEP 2Click Local.
Configuring the Cisco WAP4410N Wireless-N Access Point Wirele ss WAP4410N Wireless-N Access Point with Power Over Internet Administration Guide 38 6 There are two ways to control the connection (association) of wireless client devices. You can either prevent specific devices from connecting to the access point, or you can allow only specific client devices to connect to the access point. The client devices are specified by their MAC addresses. The default is to allow only specific client devices. STEP 3To add a MAC address to the connection control list, click Wireless Client List. In the window that appears, select a MAC address to add to the connection control list. You can also manually add MAC addresses to the connection control list by entering these addresses in the MAC 01–20 fields. STEP 4Click Save. Enabling RADIUS Connection Control To refer to a MAC filter list stored on an external RADlUS server, follow these steps: STEP 1Click Wireless > Connection Control. STEP 2Click RADIUS. STEP 3Provide the following information: •Primary/Backup RADIUS Server—Enter the IP address of the RADIUS server. The Backup Radius server is used only if the primary server is unavailable. •Primary/Backup RADIUS Server Port—Enter the port number used by the RADIUS server. The default is 1812. The backup Radius server is used only if the primary server is unavailable. •Primary/Backup Shared Secret—Enter the Shared Secret key used by the access point and RADIUS server. The backup Radius server is used only if the primary server is unavailable. STEP 4Click Save. Disabling Connection Control To disable connection control locally or on a RADIUS server, follow these steps:
Configuring the Cisco WAP4410N Wireless-N Access Point Wirele ss WAP4410N Wireless-N Access Point with Power Over Internet Administration Guide 39 6 STEP 1Click Wireless > Connection Control. STEP 2Click Disabled. STEP 3Click Save. Wi-Fi Protected Setup The Wireless > Wi-Fi Protected Setup page allows you to configure the Wi-Fi Protected Setup (WPS) settings for the access point. WPS was designed to help standardize the setting up and configuring of security on a wireless network by typing a PIN (numeric code) or pushing a button (Push-Button Configuration, or PBC) in the device’s web configuration utility. On the Cisco WAP4410N, firmware 2.0.5.3 and later releases disabled WPS by default for better security protection. To configure the wireless WPS settings of the Cisco WAP4410N, follow these steps: STEP 1Click Wireless > Wi-Fi Protected Setup. STEP 2Configure the wireless wi-fi settings in one of three ways: 1. An administrator clicks the WPS button on the Wi-Fi Protected Setup page to allow a user to register a wireless client with the Cisco WAP4410N. The user also needs to click the WPS software button on their wireless device (the client side) at the same time as the WPS button is clicked on the Cisco WAP4410N. The connection is automatically set up. 2. This is the most secure option for an administrator to register a user ’s wireless client with the Cisco WAP4410N. The user gives the administrator their device’s WPS PIN number, which is found in the WPS utility. After entering the client’s WPS PIN number, the administrator clicks Register to register the user. Then clicks Save. The user can then connect to the Cisco WAP4410N. 3. Using any WPS client utility or Microsoft Vista, the user enters the Cisco WAP4410N’s WPS PIN number into the client device. The Cisco WAP4410N pin number is given on the Wi-Fi Protected Setup page. VLAN and QoS This Wireless > VL AN and QoS page allows you to configure the QoS and VLAN settings for the access point.
Configuring the Cisco WAP4410N Wireless-N Access Point Wirele ss WAP4410N Wireless-N Access Point with Power Over Internet Administration Guide 40 6 The Quality of Service (QoS) feature allows you to specify priorities for different types of traffic. Lower priority traffic is slowed to allow greater throughput or less delay for high priority traffic. The 802.1Q VLAN feature allows traffic from different sources to be segmented. Combined with the multiple SSID feature, this provides a powerful tool to control access to your network. To configure the wireless VLAN and QoS settings of the access point, follow these steps: STEP 1Click Wireless > VLAN & QoS. STEP 2To configure VLAN settings: NOTEYou can enable this feature only if the hubs/switches on your network support the VLAN standard. a. To enable VLAN, click Enabled. b. Provide the following information: •Default VLAN ID—Enter the default VLAN ID. •VLAN Tag—Select Tagged to determine the associated VLAN from the VLAN tag. The default is Untagged. •AP Management VLAN—Specify the VLAN ID used for management. •VLAN Tag over WDS—Select Enabled or Disabled as required. STEP 3To configure the QoS settings, enter the following information: •VLAN ID—Enter the ID to assign to the VLAN. •Priority—Select a priority from the list. The higher the number, the device assigns it a higher priority. For example, if setting up multiple networks you can issue a guest network a low number and a private network a higher number. •WMM—To enable WMM, check the corresponding check box. Wi-Fi Multimedia is a QoS feature defined by WiFi Alliance before IEEE 802.11e was finalized. Now it is part of IEEE 802.11e. When it is enabled, it provides four priority queues for different types of traffic. It automatically maps the incoming packets to the appropriate queues based on QoS settings (in IP or layer 2 headers). WMM provides the capability to prioritize traffic in your environment. The default is Enabled. STEP 4Click Save.