3Com 3CRWE825075A-US User Guide - Page 33

MAC Authentication, Local MAC, RADIUS MAC, Disable, 1x Wireless Setup, Supported, Required

Get 3Com 3CRWE825075A-US - Wireless LAN Access Point 8250 PDF manuals and user guides
UPC - 662705473796
View all 3Com 3CRWE825075A-US manuals
Add to My Manuals
Save this manual to your list of manuals

Page 33 highlights

Configure the options as described below. When you are finished, click Apply. o MAC Authentication- Selecting MAC authentication allows you to define access permission and precedence. Options are: Local MAC- With this option, the MAC address of the associating station is compared against the local access control list. You must build this list (called the MAC Authentication Table) as described in Local MAC Authentication below. Use this option if you want to restrict wireless clients authentication to the access point based off their MAC address. RADIUS MAC- With this option, the MAC address of the associating station is sent to the configured RADIUS server for validation. You must specify the authentication sequence and the corresponding parameters for the remote authentication protocol. See "RADIUS" on page 31 and "802.1x Wireless Setup" below. Disable- No MAC address related checks are performed on a client requesting authentication to the access point. o 802.1x Wireless Setup-802.1x is designed to enhance the security management of the wireless network. Select one of the following options: Disable- The access point will neither initiate nor respond to any 802.1x authentication requests to or from wireless clients. Supported - Legacy clients (non 802.1x) and 802.1x clients are both supported. This is provided for ease of migration. This option works with WPA key management set to either "WPA authentication over 802.1x" or "WPA pre-shared key (PSK)" on the radio security page. Required - Clients authenticate to a RADIUS server via the access point. Clients are not allowed onto the wired LAN until authentication is successful. If two Radios are installed and WPA is being used, both radios' security must be set to "WPA authentication over 802.1x" for the WPA key management when 802.1x is Required. If one radio's security is set to "WPA pre-shared key (PSK)" for WPA key management and the other is "WPA authentication over 802.1x", then the 802.1x Wireless Setup must be set to "Supported" instead. When 802.1x is enabled, the broadcast and session key rotation intervals can also be configured. Set these values to force the periodic refresh of broadcast or session keys for each 802.1x client. First set up the RADIUS authentication for the client on the RADIUS authentication server. (See "RADIUS" on page 31.) Select Supported or Required on the 802.1x Wireless Setup field above. Enter data as described in the following table. 33

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
33
Configure the options as described below. When you are finished, click
Apply.
o
MAC Authentication
— Selecting MAC authentication allows you to define
access permission and precedence. Options are:
Local MAC
— With this option, the MAC address of the associating station is
compared against the local access control list. You must build this list (called the
MAC Authentication Table) as described in Local MAC Authentication below.
Use this option if you want to restrict wireless clients authentication to the access
point based off their MAC address.
RADIUS MAC
— With this option, the MAC address of the associating station is
sent to the configured RADIUS server for validation. You must specify the
authentication sequence and the corresponding parameters for the remote
authentication protocol. See “RADIUS” on page 31 and “802.1x Wireless
Setup” below.
Disable
— No MAC address related checks are performed on a client requesting
authentication to the access point.
o
802.1x Wireless Setup
—802.1x is designed to enhance the security management
of the wireless network. Select one of the following options:
Disable
— The access point will neither initiate nor respond to any 802.1x
authentication requests to or from wireless clients.
Supported
— Legacy clients (non 802.1x) and 802.1x clients are both supported.
This is provided for ease of migration. This option works with WPA key
management set to either “WPA authentication over 802.1x” or “WPA pre-shared
key (PSK)” on the radio security page.
Required
— Clients authenticate to a RADIUS server via the access point. Clients
are not allowed onto the wired LAN until authentication is successful. If two
Radios are installed and WPA is being used, both radios’ security must be set to
“WPA authentication over 802.1x” for the WPA key management when 802.1x is
Required. If one radio’s security is set to “WPA pre-shared key (PSK)” for WPA
key management and the other is “WPA authentication over 802.1x”, then the
802.1x Wireless Setup must be set to “Supported” instead.
When 802.1x is enabled, the broadcast and session key rotation intervals can also
be configured. Set these values to force the periodic refresh of broadcast or session
keys for each 802.1x client.
First set up the RADIUS authentication for the client on the RADIUS
authentication server. (See “RADIUS” on page 31.) Select Supported or Required
on the 802.1x Wireless Setup field above. Enter data as described in the following
table.