ii
Configuring WLAN security ······························································ 33
Overview ································································································································ 33
Authentication modes ········································································································· 33
WLAN data security ··········································································································· 34
Client access authentication ································································································ 35
Protocols and standards ····································································································· 35
Hardware compatibility with WLAN ······························································································ 35
Configuring WLAN security ········································································································ 36
Configuration task list ········································································································· 36
Enabling an authentication method ······················································································· 36
Configuring the PTK lifetime ································································································ 36
Configuring the GTK rekey method ······················································································· 37
Configuring security IE ······································································································· 38
Configuring cipher suite ······································································································ 38
Configuring port security ····································································································· 40
Displaying and maintaining WLAN security ············································································· 41
WLAN security configuration examples ························································································· 42
PSK authentication configuration example ·············································································· 42
MAC and PSK authentication configuration example ································································· 43
802.1X authentication configuration example ··········································································· 47
Supported combinations for ciphers ····························································································· 52
Configuring WLAN IDS ···································································· 55
Overview ································································································································ 55
Terminology ····················································································································· 55
Attack detection ················································································································ 55
Blacklist and white list ········································································································ 56
Hardware compatibility with WLAN ······························································································ 57
WLAN IDS configuration task list ································································································· 57
Configuring AP operating mode ·································································································· 58
Configuring attack detection ······································································································· 58
Configuring attack detection ································································································ 58
Displaying and maintaining attack detection ············································································ 58
Configuring blacklist and whitelist ································································································ 59
Configuring static lists ········································································································ 59
Configuring dynamic blacklist ······························································································· 59
Displaying and maintaining blacklist and whitelist ····································································· 60
WLAN IDS configuration examples ······························································································ 60
WLAN IDS configuration example ························································································· 60
Blacklist and whitelist configuration example ··········································································· 61
Configuring WLAN QoS ··································································· 62
Overview ································································································································ 62
Terminology ····················································································································· 62
WMM protocol ·················································································································· 62
Protocols and standards ····································································································· 64
Hardware compatibility with WLAN ······························································································ 64
Configuring WMM ···················································································································· 64
Configuration restrictions and guidelines ················································································ 64
Configuration procedure ····································································································· 65
Displaying and maintaining WMM ························································································· 66
WMM configuration examples ······························································································ 66
Troubleshooting ················································································································ 69
Configuring client rate limiting ····································································································· 70
Configuration procedure ····································································································· 70
Displaying and maintaining client rate limiting ·········································································· 70
Client rate limiting configuration example ················································································ 71
Index ··························································································· 73