Wireless Security Configuration
Configuring MAC Address Authentication
Configuring MAC Address
Authentication
The access point can be configured to authenticate client MAC addresses
against a database stored locally on the access point or remotely on a RADIUS
server. Client MAC addresses in the local database can be specified as allowed
or denied access to the network. This enables the access point to control
which devices can associate with the access point.
No t e If a RADIUS authentication server is used for MAC authentication, the server
must first be configured in the Authentication Servers window.
Client station MAC authentication occurs prior to any IEEE 802.1X authenti-
cation configured for the access point. However, a client’s MAC address
provides relatively weak user authentication, since MAC addresses can be
easily captured and used by another station to break into the network. Using
802.1X provides more robust user authentication using user names and pass-
words or digital certificates. So, although you can configure the access point
to use MAC address and 802.1X authentication together, it is better to choose
one or the other, as appropriate. Consider the following guidelines:
■ Use MAC address authentication for a small network with a limited
number of users. MAC addresses can be manually configured on the
access point itself without the need to set up a RADIUS server. The access
point supports up to 1024 MAC addresses in its filtering table, but
managing a large number of MAC addresses across more than one access
point quickly becomes very cumbersome.
■ Use IEEE 802.1X authentication for networks with a larger number of
users and where security is the most important issue. A RADIUS server is
required in the wired network to control the user credentials (digital
certificates, smart cards, passwords, or other) of wireless clients. The
802.1X authentication approach provides a standards-based, flexible, and
scalable solution that can be centrally managed.
No t e Software version 2.0.37 or earlier supports up to only 256 MAC addresses in
the local database. Software version 2.0.38 or later supports up to 1024 MAC
addresses.
7-31
To Next Page
Loading...
Need help?
General
