Enterasys RoamAbout RBT-4102 - Wireless Security Configuration

To Next Page

To Previous Page

Authentication

4-14 Advanced Configuration

Authentication

WirelessclientscanbeauthenticatedfornetworkaccessbycheckingtheirMACaddressagainst

thelocaldatabaseconfiguredontheaccesspoint,orbyusingadatabaseconfiguredonacentral

RADIUSserver.Alternatively,authenticationcanbeimplement edusingtheIEEE802.1Xnetwork

accesscontrolprotocol.

ClientstationMACauthenticationoccurs

priortotheIEEE802.1Xauthenticationprocedure

configuredfortheaccesspoint.However,aclient’sMACaddressprovidesrelativelyweakuser

authentication,sinceMACaddressescanbeeasilycapturedandusedbyanotherstationtobreak

intothenetwork.Using802.1Xprovidesmorerobustuserauthenticationusingusernamesand

passwordsordigitalcertificates.So,althoughyoucanconfiguretheaccesspointtouseMAC

addressand802.1Xauthenticationtogether,itisbettertochooseoneortheother,asappropriate.

UseMACaddressauthenticationforasmallnetworkwithalimitednumberofusers.MAC

addressescanbemanuallyconfigured

ontheaccesspointitselfwithouttheneedtosetupa

RADIUSserver.UseIEEE802.1Xauthenticationfornetworkswithalargernumberofusersand

wheresecurityisthemostimportantissue.For802.1XauthenticationaRADIUSserverisrequired

inthewirednetworktocontroltheuser

credentialsofthewirelessclients.

Theaccesspointcanalsooperateinan802.1Xsupplicantmode.Thisenables theaccesspointitself

tobeauthenticatedwithaRADIUSserverusingaconfiguredMD5usernameandpassword.This

preventsrogueaccesspointsfromgainingaccesstothenetwork.

Other manuals for Enterasys RoamAbout RBT-4102