For granting access to wireless network, please follow the below procedure:
1. Select ‘Enabled’ from the Functionality drop-down list.
2. Set the Access control type to ‘inclusive’.
3. Specify the MAC address of a wireless client to be denied access,
and then click
<Add>
.
4. Repeat Steps 3 for other wireless clients.
To delete an entry in the access control table (size: 64):
1. Click
<Delete>
next to the entry.
3.6.3 IEEE 802.1x/RADIUS
IEEE 802.1x Port-Based Network Access Control is a new standard for
solving some security issues associated with IEEE 802.11, such as lack of
user-based authentication and dynamic encryption key distribution. With IEEE
802.1x and the help of a RADIUS (Remote Authentication Dial-In User
Service) server and a user account database, an enterprise or ISP (Internet
Service Provider) can manage its mobile users’ access to its wireless LANs.
Before granted access to a wireless LAN supporting IEEE 802.1x, a user has
to issue his or her user name and password or digital certificate to the
backend RADIUS server by EAPOL (Extensible Authentication Protocol Over
LAN). The RADIUS server can record accounting information such as when a
user logs on to the wireless LAN and logs off from the wireless LAN for
monitoring or billing purposes.
The IEEE 802.1x functionality of the access point is controlled by the security
mode. So far, the wireless access point supports two authentication
mechanisms—EAP-MD5 (Message Digest version 5), EAP-TLS (Transport
Layer Security). If EAP-MD5 is used, the user has to give username and
password for authentication. If EAP-TLS is used, the wireless client computer
automatically gives the user’s digital certificate that is stored in the computer
hard disk or a smart card for authentication. And after a successful EAP-TLS
authentication, a session key is automatically generated for wireless packets
encryption between the wireless client computer and its associated wireless
31
