WLAN Configuration

WPA-2/EAP(802.1x) Security

Add primary Radius server at the top of the list Add Accounting servers if required. NAS Identifier – this can be used by the Radius server to make decisions NAS IP address – again can be used by the Radius server. NOTE: The IP address of each AP must be added to the Radius server...

Personal WLANs

Personal WLANs are are secure micro-segmented networks across a single WLAN.  These Personal WLANs are created by generating unique keys to access the SSID.  Each of these keys automatically creates a segment of the WLAN, isolated from the other Personal WLANs on the same network.  There is no limit for the number of Personal WLANs...

Multi PSK

Every PSK has a Key Name This name is reported in the Mist Management platform Allows user level accountability with PSK simplicity If a PSK is compromised there is no need to change every client. Multiple users allow any number to use the key Single user ties this key to a specific MAC address  ...

WEP Security

Please note: WEP Authentication is not available by default.  If you would like to use WEP in your WLAN, please contact us and we will enable this feature for you. WLANs with WEP are enabled for compatibility with older clients that cannot be connected with the more modern security security protocols such as WPA-2. If...

TKIP Security

Please note: TKIP Encryption is not available by default.  If you would like to use TKIP in your WLAN, please contact us and we will enable this feature for you. WPA-2 with TKIP is enabled for compatibility with older clients that cannot be connected with the AES encryption protocol.  If your device is compatible, we...

VLANs (Static & Dynamic)

By default a WLAN will be set not to use VLANS – untagged. Customers may have already deployed VLANs on their network an you can tie this WLAN (SSID) to a specific VLAN. DYNAMIC VLANs Configuring a WLAN using dynamic VLANs allows you to assign different users to different VLANs depending on the password provided...

MAC Authentication

Can be enabled with any security Radius Server then used to authenticate using MAC address as username and password Change of Authorization – again an external server can instruct the re-authentication of a client VLAN can also be untagged, tagged or dynamic in the same way as 802.1x wireless can.

RadSec

RadSec is a protocol which allows RADIUS servers to transfer data over TCP and TLS for increased security.  With RadSec capabilities, you can transfer RADIUS packets through public networks while still ensuring end-to-end security through the transport layer.  This feature is configurable through using our Mist API or directly from the UI. UI configuration To...

COA/DM Server

Configuring a network with your CoA/DM server is an easy process with the Mist dashboard.  Just follow the steps below – all you need is the IP address and shared secret of your server. Create a WLAN with EAP (802.1X) security by navigating to Network > WLANs and selecting Add WLAN.  Enter in your RADIUS server IP and secret....

Isolation

By default Mist supports Proxy Arp. Proxy ARP is a technique by which a device on a given network answers the ARP queries for an IP address that is not on that network. The ARP proxy is aware of the location of the traffic’s destination, and offers its own MAC address as destination. Wikipedia ARP...