Dell PowerConnect W-IAP92 Dell Instant 6.1.3.1-3.0.0.0 User Guide - Page 109

MAC Authentication, Configuring MAC Authentication, NAS IP address

Page 109 highlights

MAC Authentication

Media Access Control (MAC) authentication is used to authenticate devices based on their physical MAC addresses. It is an early form of filtering. MAC authentication requires that the MAC address of a machine match a manually defined list of addresses. This form of authentication does not scale past a handful of devices, because it is difficult to maintain the list of MAC addresses. Additionally, it is easy to change the MAC address of a station to match one on the accepted list. This spoofing is trivial to perform with built-in driver tools, and MAC authentication should not be relied upon to provide security.

MAC authentication can be used alone, but typically it is combined with other forms of authentication, such as WEP authentication. Because MAC addresses are easily observed during transmission and easily changed on the client, this form of authentication should be considered nothing more than a minor hurdle that will not deter the determined intruder. The use of MAC-based authentication is not recommended.

Configuring MAC Authentication

To enable MAC Authentication for a wireless network, perform the following steps:

1. In the Network tab, click the network for which you want to enable MAC authentication. The edit link for the network appears.
2. Click the edit link and navigate to the Security tab.
3. For a network with Personal or Open security level, select Enabled from the MAC Authentication drop-down list.
4. Select New from the Authentication server 1 drop-down list and perform the following steps:
   a. Name: Enter the name of the new external RADIUS server.
   b. IP address: Enter the IP address of the external RADIUS server.
   c. Auth port: Enter the authorization port number of the external RADIUS server. The port number is set to 1812 by default.
   d. Accounting port: Enter the accounting port number. This port is used to send accounting records to the RADIUS server. The port number is set to 1813 by default.
   e. Shared key: Enter a shared key for communicating with the external RADIUS server.
   f. Timeout: Specify a number between 1 and 30 seconds. The user will be disconnected after this time. The default value is 5 seconds.
   g. Retry count: Specify a number between 1 and 5. This is the maximum number of authentication requests that are sent to the server group. The default value is 3 requests.
   h. RFC 3576: When enabled, the Access Points will process RFC 3576-compliant Change of Authorization (CoA) and Disconnect messages from the RADIUS server. Disconnect messages cause a user session to be terminated immediately, whereas CoA messages modify session authorization attributes such as data filters.
   i. NAS IP address: Enter the Virtual Controller IP address. The NAS IP address is the Virtual Controller IP address that is sent in data packets.
   j. NAS identifier: Use this to configure strings for RADIUS attribute 32, NAS Identifier, to be sent with RADIUS requests to the RADIUS server.
5. Click OK to continue.
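The following added example (not part of the Dell guide and not Dell's code) shows where the settings from step 4 end up in a RADIUS Access-Request as encoded by RFC 2865: the NAS IP address becomes attribute 4, the NAS identifier becomes attribute 32, and the shared key is the only thing protecting the User-Password attribute. All values are constructed, and sending the MAC address as both user name and password is an assumption about how the access point formats a MAC authentication request.

```python
import hashlib
import socket
import struct

# Constructed sample values, not taken from the guide.
SHARED_KEY = b"constructed-shared-key"
NAS_IP = "192.0.2.10"            # Virtual Controller IP (documentation range)
NAS_ID = "instant-vc"            # string sent as attribute 32
CLIENT_MAC = "00:11:22:33:44:55"

def _keystream_xor(data, secret, authenticator, decrypt=False):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        result = bytes(a ^ b for a, b in zip(block, key))
        prev = block if decrypt else result   # chaining always uses the ciphertext
        out += result
    return out

def hide_password(password, secret, authenticator):
    size = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16 bytes
    return _keystream_xor(password.ljust(size, b"\x00"), secret, authenticator)

def unhide_password(hidden, secret, authenticator):
    return _keystream_xor(hidden, secret, authenticator, decrypt=True).rstrip(b"\x00")

def _attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(mac, secret, nas_ip, nas_id, authenticator, ident=1):
    # Assumption: the MAC (lowercase, no separators) is User-Name and User-Password.
    # authenticator must be 16 unpredictable bytes (os.urandom(16)) in real use.
    user = mac.replace(":", "").lower().encode()
    attrs = (_attr(1, user)                                          # User-Name
             + _attr(2, hide_password(user, secret, authenticator))  # User-Password
             + _attr(4, socket.inet_aton(nas_ip))                    # NAS-IP-Address
             + _attr(31, mac.encode())                               # Calling-Station-Id
             + _attr(32, nas_id.encode()))                           # NAS-Identifier
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_attributes(packet):
    attrs, pos = {}, 20                      # attributes follow the 20-byte header
    while pos + 2 <= len(packet):
        attr_type, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute")
        attrs[attr_type] = packet[pos + 2:pos + length]
        pos += length
    return attrs
```

Apart from the hidden password, every attribute travels in clear text, and the "credential" is the same MAC address that is visible on the air, which is why the guide treats this method as a minor hurdle.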

