Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout 3000

101

102

103

104

105

106

107

108

109

110

Security

RoamAbout Access Point 3000 Configuration Guide 4-67

Whenyouenable802.1x,youcanalsoenablethebroadcastandsessionkeyrotationintervals.

– BroadcastKeyRefreshRatesetstheintervalatwhichthebroadcastkeysarerefreshedfor

stationsusing802.1xdynamickeying.(Range:0‐1440minutes;Default:0meansdisabled)

– SessionKeyRefreshRatespecifiestheintervalat

whichtheaccesspointrefreshesunicast

sessionkeysforassociatedclients.(Range:0‐1440minutes;Default:0meansdisabled)

– 802.1xSessionTimeoutsetsthetimeperiodafterwhichaconnectedclientmustbere‐

authenticated.Duringthere‐authenticationprocessofverifyingtheclient’scredentialson

theRADIUSserver,the

clientremainsconnectedtothenetwork.Onlyifre‐authentication

failsisnetworkaccessblocked.Default:60minutes.

• MACAuthenticationconfigureshowthe accesspointusesMACaddressestoauthorize

wirelessclientstoaccessthenetwork.Thisauthenticationmethodprovidesabasiclevelof

authenticationforwirelessclientsattemptingtogain

accesstothenetwork.Adatabaseof

authorizedMACaddressescanbestoredlocal ly ontheAccessPoint3000orremotelyona

centralRADIUSserver.(Default:LocalMAC)

– LocalMACindicatesthattheMACaddressoftheassociatingstationiscomparedagainst

thelocaldatabasestoredontheaccess

point.LocalMACAuthenticationenablesthelocal

databasetobesetup.

– RADIUSMACspecifiesthattheMA Caddressoftheassociatingstationissenttoa

configuredRADIUSserverforauthentication. 

TouseaRADIUSauthentica tionserverforMACaddressau thentication,theaccesspoint

mustbeconfiguredtousea

RADIUSserver,seeRADIUS(page4‐9).

– Disablespecifiesthattheaccesspointdoesnotcheckanassociatingstation’sMACaddress.

IfyouspecifyRADIUSMACforthisdefaultinterfaceorVAP,youmustspecifythefollowing

parameters:

– MACAuthenticationPasswordspecifiestheauthenticationpasswordthisradiointerfaceor

VAP

sendstotheRADIUSservertoauthenticateMACaddresses.

– MACAuthenticationSessionTimeoutspecif iestheamountoftimeafterwhichyouwanta

MACauthenticationsessiontotimeoutbetweentheAPandtheRADIUSserver.

IfyouspecifyLocalMACforthisdefaultinterfaceorVAP,youmustspecifyLocal

MAC

AuthenticationsettingsthatconfigurethelocalMACauthenticationdatabase.TheMAC

databaseprovidesamechanismtotakecert ainactionsbasedonawirelessclient’sMAC

address.YoucanconfigureTheMAClistcanbeconfiguredtoallowordenynetworkaccessto

specificclients.

– SystemDefaultspecifiesadefault

actionforallunknownMACaddresses(thatis,thosenot

listedinthelocalMACdatabase).

‐ DenyblocksaccessforallMACaddressesexceptthoselistedinthelocaldatabaseas

“A l l o w ” .

‐ AllowpermitsaccessforallMACaddressesexceptthoselistedinthelocaldatabaseas

“Deny”.