User guide
Table Of Contents
- 3Com Wireless 8760 Dual-radio 11a/b/g PoE Access Point
- Contents
- Introduction
- Installing the Access Point
- Installation Requirements
- Power Requirements
- Safety Information
- Deciding Where to Place Equipment and Performing A Site Survey
- Before You Begin
- Connecting the Standard Antennas
- Connecting Power
- Checking the LEDs
- Wall, Ceiling, or Electrical Box Mounting
- Flat Surface Installation
- Selecting and Connecting a Different Antenna Model
- Installing Software Utilities
- Initial Configuration
- System Configuration
- Command Line Interface
- Using the Command Line Interface
- General Commands
- System Management Commands
- System Logging Commands
- System Clock Commands
- DHCP Relay Commands
- SNMP Commands
- snmp-server community
- snmp-server contact
- snmp-server location
- snmp-server enable server
- snmp-server host
- snmp-server trap
- snmp-server engine-id
- snmp-server user
- snmp-server targets
- snmp-server filter
- snmp-server filter-assignments
- show snmp groups
- show snmp users
- show snmp group-assignments
- show snmp target
- show snmp filter
- show snmp filter-assignments
- show snmp
- Flash/File Commands
- RADIUS Client
- 802.1X Authentication
- MAC Address Authentication
- Filtering Commands
- WDS Bridge Commands
- Spanning Tree Commands
- Ethernet Interface Commands
- Wireless Interface Commands
- interface wireless
- vap
- speed
- turbo
- multicast-data-rate
- channel
- transmit-power
- radio-mode
- preamble
- antenna control
- antenna id
- antenna location
- beacon-interval
- dtim-period
- fragmentation-length
- rts-threshold
- super-a
- super-g
- description
- ssid
- closed-system
- max-association
- assoc-timeout-interval
- auth-timeout-value
- shutdown
- show interface wireless
- show station
- Rogue AP Detection Commands
- Wireless Security Commands
- Link Integrity Commands
- IAPP Commands
- VLAN Commands
- WMM Commands
- Troubleshooting
- Index
4-10
CHAPTER 4: SYSTEM CONFIGURATION
use both MAC address and 802.1X authentication, with client station MAC
authentication occurring prior to IEEE 802.1X authentication. However, it is better
to choose one or the other, as appropriate.
IEEE 802.1X is a standard framework for network access control that uses a
central RADIUS server for user authentication. This control feature prevents
unauthorized access to the network by requiring an 802.1X client application to
submit user credentials for authentication. The 802.1X standard uses the
Extensible Authentication Protocol (EAP) to pass user credentials (either digital
certificates, user names and passwords, or other) from the client to the RADIUS
server. Client authentication is then verified on the RADIUS server before the
access point grants client access to the network.
The 802.1X EAP packets are also used to pass dynamic unicast session keys and
static broadcast keys to wireless clients. Session keys are unique to each client and
are used to encrypt and correlate traffic passing between a specific client and the
access point. You can also enable broadcast key rotation, so the access point
provides a dynamic broadcast key and changes it at a specified interval.
The access point can also operate in a 802.1X supplicant mode. This enables the
access point itself to be authenticated with a RADIUS server using a configured
MD5 user name and password. This prevents rogue access points from gaining
access to the network.
Take note of the following points before configuring MAC address or 802.1X
authentication:
Use MAC address authentication for a small network with a limited number of
users. MAC addresses can be manually configured on the access point itself
without the need to set up a RADIUS server, but managing a large number of
MAC addresses across many access points is very cumbersome. A RADIUS
server can be used to centrally manage a larger database of user MAC
addresses.
Use IEEE 802.1X authentication for networks with a larger number of users and
where security is the most important issue. When using 802.1X authentication,
a RADIUS server is required in the wired network to centrally manage the
credentials of the wireless clients. It also provides a mechanism for enhanced
network security using dynamic encryption key rotation or W-Fi Protected
Access (WPA).
NOTE: If you configure RADIUS MAC authentication together with 802.1X,
RADIUS MAC address authentication is performed prior to 802.1X authentication.
If RADIUS MAC authentication succeeds, then 802.1X authentication is
performed. If RADIUS MAC authentication fails, 802.1X authentication is not
performe
d.