User Manual User guide

ManualsBrandsRockwell Automation ManualsEquipment1783-WAPxxx Stratix 5100 Wireless Access Point

311

312

313

314

315

316

317

318

319

320

Rockwell Automation Publication 1783-UM006A-EN-P - May 2014 319

Chapter 10

Configure an Access Point as a Local

Authenticator

This chapter describes how to configure the access point as a local authenticator

to serve as a stand-alone authenticator for a small wireless LAN or to provide

back up authentication service. As a local authenticator, the access point performs

LEAP, EAP-FAST, and MAC-based authentication for up to 50 client devices.

Understanding Local

Authentication

Many small wireless LANs that could be made more secure with 802.1x

authentication don’t have access to a RADIUS server. On many wireless LANs

that use 802.1x authentication, access points rely on RADIUS servers housed in a

distant location to authenticate client devices, and the authentication traffic must

cross a WAN link. If the WAN link fails, or if the access points cannot access the

RADIUS servers for any reason, client devices cannot access the wireless network

even if the work they wish to do is entirely local.

To provide local authentication service or back-up authentication service in case

of a WAN link or a server failure, you can configure an access point to act as a

local authentication server. The access point can authenticate up to 50 wireless

client devices by using LEAP, EAP-FAST, or MAC-based authentication. The

access point performs up to 5 authentications per second.

You configure the local authenticator access point manually with client

usernames and passwords because it does not synchronize its database with the

main RADIUS servers. You can also specify a VLAN and a list of SSIDs that a

client is allowed to use.

Topic Page

Understanding Local Authentication 319

Configuring a Local Authenticator 320

Configuring EAP-FAST Settings 336

Limiting the Local Authenticator to One Authentication Type 339

Unblocking Locked Usernames 339

Using Debug Messages 341

TIP

If your wireless LAN contains only one access point, you can configure the

access point as both the 802.1x authenticator and the local authenticator.

However, users associated to the local authenticator access point can notice a

drop in performance when the access point authenticates client devices.