CHAPTER 3: ACCESS POINT SECURITY
802.1x RADIUS. The IEEE 802.1X standard specifies a general method for the
provision of port-based network access control. It provides an architecture
framework for User-RADIUS authentication through an authenticator such as a
wireless access point or a switch.
Based on the IEEE 802.1x standard for port-based network access control,
standard security protocols such as EAP and RADIUS provide centralized user
identification, authentication, dynamic key management and accounting.
The access point supports several authentication methods, including EAP-MD5,
EAP-TLS, and serial authentication, each of which enables different levels of
authentication and encryption based on the requirements of your site. In addition,
it supports RADIUS Accounting per RFC 2866: Username, Start time, Stop time,
and Packet input/output. When a client is successfully authenticated to a RADIUS
authentication server and RADIUS accounting service is enabled, the RADIUS client
sends information to the RADIUS accounting server that can generate accounting
information and reports.
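As an added example (not from the 3Com manual or firmware), the following Python code shows how an accounting server can verify and decode an RFC 2866 Accounting-Request carrying the fields listed above. The shared secret, user name and counter values are constructed; start and stop arrive as Acct-Status-Type records, and Acct-Session-Time gives the session length.

```python
import hashlib
import hmac
import struct

ACCT_REQUEST = 4  # RFC 2866 Accounting-Request code
# RFC 2866 attribute types behind the fields the manual lists
NAMES = {1: "User-Name", 40: "Acct-Status-Type", 46: "Acct-Session-Time",
         47: "Acct-Input-Packets", 48: "Acct-Output-Packets"}
STATUS = {1: "Start", 2: "Stop"}

def authenticator(header, attrs, secret):
    # MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()

def build_request(ident, secret, fields):
    """Build a constructed Accounting-Request to use as sample input."""
    attrs = b""
    for attr_type, value in fields:
        raw = struct.pack("!I", value) if isinstance(value, int) else value.encode()
        attrs += bytes([attr_type, len(raw) + 2]) + raw
    header = struct.pack("!BBH", ACCT_REQUEST, ident, 20 + len(attrs))
    return header + authenticator(header, attrs, secret) + attrs

def parse_request(packet, secret):
    """Check the Request Authenticator, then decode the accounting fields."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCT_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    packet = packet[:length]  # octets past Length are padding
    if not hmac.compare_digest(authenticator(packet[:4], packet[20:], secret),
                               packet[4:20]):
        raise ValueError("Request Authenticator mismatch")
    record, pos = {}, 20
    while pos < length:
        if length - pos < 2 or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attr_type, value = packet[pos], packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
        if attr_type == 1:
            record["User-Name"] = value.decode("utf-8", "replace")
        elif attr_type in NAMES:
            if len(value) != 4:
                raise ValueError("integer attribute must be 4 octets")
            number = struct.unpack("!I", value)[0]
            record[NAMES[attr_type]] = STATUS.get(number, number) if attr_type == 40 else number
    return record

SECRET = b"constructed-shared-secret"  # constructed value, not from the manual
STOP = build_request(7, SECRET, [(1, "alice"), (40, 2), (46, 3600), (47, 1200), (48, 950)])
```

A record whose authenticator does not match the shared secret is rejected before any attribute is decoded, so altered counters never reach the accounting reports.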
Using the Wireless 802.1X Agent
The Wireless Authentication Agent lets wireless clients associate with the access
point and authenticate with the RADIUS server that resides on the wired network.
Before you can authenticate a PC-based wireless client through your RADIUS
server, you must install and run the Wireless Authentication Agent. You will need a
copy of the agent on each client computer with a RADIUS server account. Clients
that run Windows 95, 98, ME, NT, or 2000 require the 802.1x client tool in order
to authenticate to the server.
The Wireless Authentication Agent can be installed from the 3Com Administrator
Utilities CD. Clients running under Windows XP have 802.1x support enabled
through the operating system and do not require the agent. Although it is not
required on Windows XP systems, you may still install and use it. This might be
preferred if you want all PC wireless clients at your site to use the same procedures
and interface for authentication to your RADIUS server.
Authentication and Login
Once installed, authentication becomes part of the client computer's startup
process. At login, it prompts for user name and password. The user name and
password must match the user name and password kept by the RADIUS server for
that user. The status icon in the system tray monitors the authentication process.
The user can access the authentication agent software from the agent icon in the
system tray to log off or log on manually. When a computer is logged off
manually, the agent suspends the authentication process until the next login and
connection to an access point.
3Com does not supply RADIUS software or configuration instructions other than
what is applicable for access point configuration. Refer to your system
administrator for additional third-party software and configuration information.
The access point supports any RADIUS server that complies with RFC 2865 and
follows the standard EAP, RFC 2284, 2716, and 2548.