33
Configure the options as described below. When you are finished, click
Apply.
o
MAC Authentication
— Selecting MAC authentication allows you to define
access permission and precedence. Options are:
Local MAC
— With this option, the MAC address of the associating station is
compared against the local access control list. You must build this list (called the
MAC Authentication Table) as described in Local MAC Authentication below.
Use this option if you want to restrict wireless clients authentication to the access
point based off their MAC address.
RADIUS MAC
— With this option, the MAC address of the associating station is
sent to the configured RADIUS server for validation. You must specify the
authentication sequence and the corresponding parameters for the remote
authentication protocol. See “RADIUS” on page 31 and “802.1x Wireless
Setup” below.
Disable
— No MAC address related checks are performed on a client requesting
authentication to the access point.
o
802.1x Wireless Setup
—802.1x is designed to enhance the security management
of the wireless network. Select one of the following options:
Disable
— The access point will neither initiate nor respond to any 802.1x
authentication requests to or from wireless clients.
Supported
— Legacy clients (non 802.1x) and 802.1x clients are both supported.
This is provided for ease of migration. This option works with WPA key
management set to either “WPA authentication over 802.1x” or “WPA pre-shared
key (PSK)” on the radio security page.
Required
— Clients authenticate to a RADIUS server via the access point. Clients
are not allowed onto the wired LAN until authentication is successful. If two
Radios are installed and WPA is being used, both radios’ security must be set to
“WPA authentication over 802.1x” for the WPA key management when 802.1x is
Required. If one radio’s security is set to “WPA pre-shared key (PSK)” for WPA
key management and the other is “WPA authentication over 802.1x”, then the
802.1x Wireless Setup must be set to “Supported” instead.
When 802.1x is enabled, the broadcast and session key rotation intervals can also
be configured. Set these values to force the periodic refresh of broadcast or session
keys for each 802.1x client.
First set up the RADIUS authentication for the client on the RADIUS
authentication server. (See “RADIUS” on page 31.) Select Supported or Required
on the 802.1x Wireless Setup field above. Enter data as described in the following
table.