WLAN Configuration

WLAN Rate Limiting

WLAN Rate Limit Total for this WLAN on this AP Per Client Rate Limit Total per client on this AP Application Rate Limit Limit total bandwidth available for specific applications Multiple applications can be used More applications will be added over time In general rate limiting should be used when required as it can have...

WLAN Security

WPA-2/PSK – standard pre shared key network. Reveal shows the key. WPA-2/EAP – Radius based authentication Open Access – Un-encrypted network typically used for guest networks. WPA-2/PSK with Multiple Passphrases – hundreds of different keys can be used on the same WLAN MAC authentication – can be used in combination with others – MAC address...

WPA-2/EAP(802.1x) Security

Add primary RADIUS server at the top of the list Add Accounting servers if required. NAS Identifier – this can be used by the RADIUS server to make decisions NAS IP address – again can be used by the RADIUS server. NOTE: The IP address of each AP must be added to the RADIUS server...

Personal WLANs

Personal WLANs are are secure micro-segmented networks across a single WLAN.  These Personal WLANs are created by generating unique keys to access the SSID.  Each of these keys automatically creates a segment of the WLAN, isolated from the other Personal WLANs on the same network.  This is limited to 5000 PSKs (with suggested/select firmware) To...

Multi PSK

Every PSK (Pre-shared Key) has a Key Name This name is reported in the Mist Management platform Allows user level accountability with PSK simplicity If a PSK is compromised there is no need to change every client. Multiple users allow any number to use the key Single user ties this key to a specific MAC...

WEP Security

Please note: WEP Authentication is not available by default.  If you would like to use WEP in your WLAN, please contact us and we will enable this feature for you. WLANs with WEP are enabled for compatibility with older clients that cannot be connected with the more modern security security protocols such as WPA-2. If...

TKIP Security

Please note: TKIP Encryption is not available by default.  If you would like to use TKIP in your WLAN, please contact us and we will enable this feature for you. WPA-2 with TKIP is enabled for compatibility with older clients that cannot be connected with the AES encryption protocol.  If your device is compatible, we...

VLANs (Static & Dynamic)

STATIC VLANs First configure a WLAN by going to Network > WLANs and then select Tagged in the VLAN section to configure a static VLAN for your network.  Here, enter your VLAN ID and make sure the same VLAN is tagged on your switch port. By default a WLAN will be set not to use...

MAC Authentication

Can be enabled with any security RADIUS Server then used to authenticate using MAC address as username and password Change of Authorization(COA) – again an external server can instruct the re-authentication of a client VLAN can also be untagged, tagged or dynamic in the same way as 802.1x wireless can.

RadSec

RadSec is a protocol which allows RADIUS servers to transfer data over TCP and TLS for increased security.  With RadSec capabilities, you can transfer RADIUS packets through public networks while still ensuring end-to-end security through the transport layer.  This feature is configurable through using our Mist API or directly from the UI. UI configuration To...