Specifications

Authentication

RoamAbout RBT-4102 Wireless Access Point Configuration Guide 4-15

Authentication

WirelessclientscanbeauthenticatedfornetworkaccessbycheckingtheirMACaddressagainst

thelocaldatabaseconfiguredontheaccesspoint,orbyusingadatabaseconfiguredonacentral

RADIUSserver.Alternatively,authenticationcanbeimpl ementedusingtheIEEE802.1Xnetwork

accesscontrolprotocol.

ClientstationMACauthenticationoccurs

priortotheIEEE802.1Xauthenticationprocedure

configuredfortheaccesspoint.However,aclient’sMACaddressprovidesrelativelyweakuser

authentication,sinceMACaddressescanbeeasilycapturedandusedbyanotherstationtobreak

intothenetwork.Using802.1Xprovidesmorerobustuserauthenticationusingusernamesand

passwordsordigitalcertificates.So,althoughyoucanconfiguretheaccesspointtouseMAC

addressand802.1Xauthenticationtogether,itisbettertochooseoneortheother,asappropriate.

UseMACaddressauthenticationforasmallnetworkwithalimitednumberofusers.MAC

addressescanbemanuallyconfigured

ontheaccesspointitselfwithouttheneedtosetupa

RADIUSserver.UseIEEE802.1Xauthenticationfornetworkswithalargernumberofusersand

wheresecurityisthemostimportantissue.For802.1XauthenticationaRADIUSserverisrequired

inthewirednetworktocontroltheuser

credentialsofthewirelessclients.

Theaccesspointcanalsooperateinan802.1Xsupplicantmode.Thisenables theaccesspointitself

tobeauthenticatedwithaRADIUSserverusingaconfiguredMD5usernameandpassword.This

preventsrogueaccesspointsfromgainingaccesstothenetwork.