User's Guide

Local Authentication – The Access/One Network is responsible for determining whether the user device/station has network privileges. Since most access points don’t have a user database, there is typically very little information for a system like Access/One Network to work from. One mechanism to determine user privileges is an Access Control List, which disallows (or allows) any user based on their MAC address. However, MAC addresses can be spoofed, so this method is not secure.
Remote Authentication – Access/One Network becomes a gatekeeper and requires the use of an external RADIUS server on the LAN to determine which users/stations are granted access. The RADIUS server holds a list of users and passwords, validates the user or device (one is more secure than the other), and dynamically generates a key that it passes to Access/One Network for that user or device. The RADIUS server must support EAP-encapsulated RADIUS exchanges, as Access/One Network only supports this format. When remote authentication is enabled, only EAP traffic is bridged to the LAN until the RADIUS server authorizes Access/One Network to allow the user or device access to the network.
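The two modes above differ in what the access point consults before it forwards a station's traffic. The following model is an added example, not Access/One code: it implements a MAC Access Control List for the local case and, for the remote case, a per-station 802.1X-style controlled port that bridges only EAPOL frames (EtherType 0x888E, the standard EAP-over-LAN type) until a RADIUS verdict arrives. The frame layout, class names and the stand-in RADIUS callback are this example's own constructions.

```python
"""Model of the Access/One authentication gate (added example, not product code).

EtherType 0x888E (EAPOL) and the "closed port until Access-Accept" behaviour
are standard 802.1X; everything else here is a constructed illustration.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set, Tuple

ETHERTYPE_EAPOL = 0x888E  # EAP over LAN: the only traffic bridged before authorization
ETHERTYPE_IPV4 = 0x0800


@dataclass
class Frame:
    src_mac: str
    ethertype: int
    payload: bytes = b""


@dataclass
class MacAcl:
    """Local authentication: allow/deny by source MAC only."""
    allowed: Set[str]

    def __post_init__(self) -> None:
        self.allowed = {m.lower() for m in self.allowed}

    def permits(self, frame: Frame) -> bool:
        # The decision rests entirely on a value the sender chooses, which is
        # why the guide calls this method insecure: nothing here proves identity.
        return frame.src_mac.lower() in self.allowed


@dataclass
class Authenticator:
    """Remote authentication: one controlled port per station, closed by default."""
    # radius(station_mac, eap_payload) -> (accepted, session_key); stub in demo()
    radius: Callable[[str, bytes], Tuple[bool, Optional[bytes]]]
    authorized: Dict[str, bytes] = field(default_factory=dict)  # mac -> key

    def bridge(self, frame: Frame) -> str:
        mac = frame.src_mac.lower()
        if mac in self.authorized:
            return "forwarded"           # port is open for this station
        if frame.ethertype != ETHERTYPE_EAPOL:
            return "dropped"             # non-EAP traffic never reaches the LAN
        accepted, key = self.radius(mac, frame.payload)
        if accepted and key:
            self.authorized[mac] = key   # RADIUS authorized the AP to open the port
            return "eap-relayed:accept"
        return "eap-relayed:reject"


def demo() -> Dict[str, object]:
    """Run both modes on constructed frames and return the decisions."""
    acl = MacAcl(allowed={"00:11:22:33:44:55"})
    listed = Frame("00:11:22:33:44:55", ETHERTYPE_IPV4)
    unlisted = Frame("66:77:88:99:aa:bb", ETHERTYPE_IPV4)

    def fake_radius(mac: str, eap: bytes) -> Tuple[bool, Optional[bytes]]:
        # Constructed stand-in for the EAP conversation with the RADIUS server:
        # accept only the constructed credential marker and derive a session key.
        if eap == b"EAP:valid-credential":
            return True, hashlib.sha256(mac.encode()).digest()[:16]
        return False, None

    ap = Authenticator(radius=fake_radius)
    sta_a, sta_b = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"
    trace = [
        ap.bridge(Frame(sta_a, ETHERTYPE_IPV4)),                          # before auth
        ap.bridge(Frame(sta_a, ETHERTYPE_EAPOL, b"EAP:valid-credential")),
        ap.bridge(Frame(sta_a, ETHERTYPE_IPV4)),                          # after accept
        ap.bridge(Frame(sta_b, ETHERTYPE_EAPOL, b"EAP:bad-credential")),
        ap.bridge(Frame(sta_b, ETHERTYPE_IPV4)),                          # still closed
    ]
    return {"acl_listed": acl.permits(listed), "acl_unlisted": acl.permits(unlisted),
            "trace": trace}


if __name__ == "__main__":
    print(demo())
```

The trace shows the property the guide describes: a station's data frames are dropped, not forwarded, until its EAP exchange has produced an accept, and a rejected station stays shut out.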
Some examples of devices that support RADIUS with EAP are:
- Windows 2000 IAS/Active Directory/Certificate Server (MD5/TLS)
- Windows 2003 IAS/Active Directory/Certificate Server (MD5/TLS/PEAP)
- Funk Odyssey with Active Directory interface or its own user list (MD5/LEAP/TLS/TTLS/PEAP) – Note: Microsoft and Funk are the two servers used for WiFi WPA testing.
- Cisco ACS with Active Directory interface or its own user list (MD5/LEAP/TLS/PEAP)
- Linux Cistron Radius server (MD5/TLS)
- Meetinghouse AEGIS server (MD5/LEAP/TLS/TTLS/PEAP)
- Interlink Secure.XS server (MD5/LEAP/TLS/TTLS/PEAP/SPEKE)
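What "EAP encapsulated RADIUS exchanges" means on the wire is defined by RFC 3579: the access point wraps each EAP packet in one or more EAP-Message attributes (type 79, at most 253 bytes of value each) inside a RADIUS Access-Request, and must include a Message-Authenticator attribute (type 80), an HMAC-MD5 over the whole packet keyed with the shared secret, so the server can detect a forged or tampered request. The following added example, which is not code from Access/One or any of the servers listed above, builds such a request and shows the server-side check and reassembly. The shared secret, Request Authenticator and identity strings are constructed sample values.

```python
"""EAP-in-RADIUS encapsulation per RFC 2865/3579 (added example, not vendor code).

Attribute types 79 (EAP-Message) and 80 (Message-Authenticator), the 253-byte
value limit and the HMAC-MD5 construction come from the RFCs; the sample
secret and identities used with these functions are constructed.
"""
import hashlib
import hmac
import os
import struct
from typing import List, Optional, Tuple

ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_EAP_MESSAGE = 79
ATTR_MESSAGE_AUTHENTICATOR = 80
MAX_ATTR_VALUE = 253  # length byte covers type + length + value, so max 255 total
HEADER_LEN = 20       # code(1) identifier(1) length(2) authenticator(16)


def attr(atype: int, value: bytes) -> bytes:
    """Encode one Type-Length-Value RADIUS attribute."""
    if len(value) > MAX_ATTR_VALUE:
        raise ValueError("attribute value exceeds 253 bytes")
    return struct.pack("!BB", atype, len(value) + 2) + value


def eap_message_attrs(eap: bytes) -> bytes:
    """Fragment one EAP packet across as many EAP-Message attributes as needed."""
    return b"".join(attr(ATTR_EAP_MESSAGE, eap[i:i + MAX_ATTR_VALUE])
                    for i in range(0, len(eap), MAX_ATTR_VALUE))


def make_eap_response_identity(identity: bytes, eap_id: int) -> bytes:
    """EAP Response (code 2) of type Identity (1); the first message a station sends."""
    return struct.pack("!BBH", 2, eap_id, 5 + len(identity)) + b"\x01" + identity


def build_access_request(secret: bytes, identifier: int, user_name: bytes, eap: bytes,
                         authenticator: Optional[bytes] = None) -> bytes:
    """Authenticator side: wrap an EAP packet in an Access-Request and sign it."""
    if authenticator is None:
        authenticator = os.urandom(16)   # Request Authenticator: random per request
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    attrs = attr(ATTR_USER_NAME, user_name) + eap_message_attrs(eap)
    # Message-Authenticator is mandatory alongside EAP-Message. It is computed
    # with its own value zeroed and then written in place (kept as the last attribute).
    attrs += attr(ATTR_MESSAGE_AUTHENTICATOR, b"\x00" * 16)
    length = HEADER_LEN + len(attrs)
    if length > 4096:
        raise ValueError("RADIUS packet exceeds 4096 bytes")
    packet = struct.pack("!BBH", ACCESS_REQUEST, identifier, length) + authenticator + attrs
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac


def parse_attrs(packet: bytes) -> List[Tuple[int, bytes, int]]:
    """Return (type, value, offset_of_value) for every attribute, with bounds checks."""
    if len(packet) < HEADER_LEN or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("length field does not match packet size")
    out, pos = [], HEADER_LEN
    while pos < len(packet):
        if pos + 2 > len(packet):
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > len(packet):
            raise ValueError("malformed attribute length")
        out.append((atype, packet[pos + 2:pos + alen], pos + 2))
        pos += alen
    return out


def message_authenticator_ok(secret: bytes, packet: bytes) -> bool:
    """Server side: recompute HMAC-MD5 with the attribute zeroed and compare in constant time."""
    try:
        attrs = parse_attrs(packet)
    except ValueError:
        return False
    mas = [(v, off) for t, v, off in attrs if t == ATTR_MESSAGE_AUTHENTICATOR]
    if len(mas) != 1 or len(mas[0][0]) != 16:
        return False                     # exactly one 16-byte Message-Authenticator required
    value, off = mas[0]
    zeroed = packet[:off] + b"\x00" * 16 + packet[off + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, value)


def verify_and_extract_eap(secret: bytes, packet: bytes) -> bytes:
    """Server side: reject unauthenticated requests, then reassemble the EAP packet."""
    if not message_authenticator_ok(secret, packet):
        raise ValueError("bad Message-Authenticator: wrong shared secret or tampered packet")
    return b"".join(v for t, v, _ in parse_attrs(packet) if t == ATTR_EAP_MESSAGE)
```

A server that lacks this support either drops the EAP-Message attributes or fails the Message-Authenticator check, which is why the guide insists the RADIUS server must speak this format; note also that the shared secret alone protects the integrity of the exchange between access point and server, so it needs the same care as any other long-lived credential.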
Good security may be achieved by using Windows 200X IAS/Active Directory or Linux RADIUS with TLS certificates. The best security will be provided by using Windows 2003 IAS/Active Directory, Funk Odyssey, Cisco ACS or similar servers running TTLS or PEAP.

Access/One Network provides encrypted protection from the user device/station to the host LAN. If security on the LAN is also an issue, a Virtual Private Network (VPN) may be used to doubly secure the wireless traffic while providing protection on the LAN. Due to the significant overhead associated with this method, additional performance penalties will occur.