3Com 3CRWE80096A User Guide - Page 25

802.1x RADIUS Support 19 802.1x RADIUS Support 3Com 128-bit Dynamic Security Link Encryption. 3Com's proprietary 128-bit Dynamic Security Link is built into the access point and permits user-level authentication. This option can be used only with local access point authentication. Users must log in with username and password. (The access point username and password database can support up to 1000 names.) Once the user is authenticated, the access point dynamically creates a unique 128-encryption key for the user for that session. Encryption keys are generated automatically and so do not need to be supplied. To take advantage of this security setting, clients must use a 3Com Wireless LAN PC Card (model 3CRWE62092A). The IEEE 802.1x standard specifies a general method for the provision of port-based network access control. It provides an architecture framework for User-RADIUS authentication through an authenticator such as a wireless access point or a switch. The access point supports any RADIUS implementation compliant with RFC 2865 and following standard EAP, RFC 2284, 2716, and 2548 protocols. This includes support for port-based network access control, which permits standard security protocols such as EAP and RADIUS to provide centralized user identification, authentication, dynamic key management, and accounting. (The access point supports RADIUS Accounting per RFC2866: Username, Start time, Stop time, and Packet input/output.) 3Com does not supply RADIUS software or configuration instructions other than what is applicable for access point configuration. Refer to your system administrator for additional third-party software and configuration information. The access point supports any RADIUS server that complies with RFC 2865 and follows standard EAP, RFC 2284, 2716, and 2548. Using the Wireless 802.1x Agent 3Com provides a software utility to allow Windows clients to authenticate to the Access Point 8000 using either EAP-MD5 or 3Com Serial Authentication. The 802.1x agent can be used with any vendor's PC card, but to take advantage of 3Com's Serial Authentication, it must be used with a 3Com Wireless LAN PC Card (model 3CRWE62092A) that has been upgraded to the latest firmware. A copy of the agent must be installed on each client computer Use the 3Com CD to install the wireless 802.1x agent on systems running under, Windows 98, Windows 98 SE, Windows ME, Windows NT 4.0 with Service Pack 6a, Windows 2000, or Windows XP. Systems running under Windows XP include support for EAP-MD5 and EAP-TLS. On Windows XP, the 802.1x agent is only required when using 3Com's Serial Authentication. Authentication and Login Authentication is initiated by associating to the access point. Alternatively, authentication can be manually initiated by selecting Start from the 802.1x agent menu. At login, the agent prompts for user name and password. The user name and password must match the name and password maintained by the RADIUS server. When the agent is running, a status icon in the system tray monitors the authentication process. The appearance of this icon changes to reflect the current state of the authentication process. If the user hovers the mouse over the icon, a tool tip also appears to indicate the current authentication status.