SMC Networks SMCWHSG44-G manual Ieee 802.1x/RADIUS

Page 68

With MAC-Address-Based Access Control, you can specify the wireless clients (STAs or Bridge Slaves) that are permitted or not permitted to asso- ciate with the SMCWHSG44-G. When the table type is set to inclusive, entries in the table are permitted to associate and all other users are blocked. When the table type is set to exclusive, entries in the table are not permitted to associate with the SMCWHSG44-G while other users are allowed access.

To deny wireless clients' access to the wireless network:

1.Select Enabled from the Functionality drop-down list.

2.Set the Access control type to exclusive.

3.Specify the MAC address of a wireless client to be denied access, and then click Add.

4.Repeat Step 3 for each other wireless client.

To grant wireless clients' access to the wireless network:

1.Select Enabled from the Functionality drop-down list.

2.Set the Access control type to inclusive.

3.Specify the MAC address of a wireless client to allow access, and then click Add.

4.Repeat Step 3 for each other wireless client.

To delete an entry in the access control table:

• Click Delete next to the entry.

NOTE: The size of the access control table is 64.

2.5.3. IEEE 802.1x/RADIUS

IEEE 802.1x Port-Based Network Access Control is a new standard for solv- ing some security issues associated with IEEE 802.11, such as lack of user- based authentication and dynamic encryption key distribution. With IEEE 802.1x, a RADIUS (Remote Authentication Dial-In User Service) server, and a user account database, an enterprise or ISP (Internet Service Provider) can manage its mobile users' access to its wireless LANs. Before granting access to a wireless LAN supporting IEEE 802.1x, a user has to issue his or her user name and password or digital certificate to the backend RADIUS server by EAPOL (Extensible Authentication Protocol Over LAN). The RADIUS server can record accounting information such as when a user logs on to the wireless LAN and logs off from the wireless LAN for monitoring or billing purposes.

The IEEE 802.1x functionality of the access point is controlled by the security mode (see Section 2.5.2.1). So far, the wireless access point supports two authentication mechanisms-EAP-MD5 (Message Digest version 5), EAP-TLS (Transport Layer Security). If EAP-MD5 is used, the user has to give his or her user name and password for authentication. If EAP-TLS is used, the wireless client computer automatically gives the user's digital certificate that is

67

Page 67 Page 69
Image 68
Page 67 Page 69
Contents SMCWHSG44-G Page Copyright TrademarksLimited Warranty Page Industry Canada Class B Federal Communication Commission Interference StatementFCC Radiation Exposure Statement EC Conformance Declaration Safety Compliance Power Cord SafetySchuko Page Wichtige Sicherheitshinweise Germany Schuko Page Table of Contents System Page SMCWHSG44-G SMCWHS-POS Introduction Ieee 802.11b/g Compliant Wireless Operation Overview FeaturesUser Authentication, Authorization, and Accounting AAA Internet Connection Sharing Network Security Firmware Tools Rear Panel Package ChecklistLED Definition Selecting a Power Supply Method POE enabled LAN Port PositionMounting the SMCWHSG44-G on a Wall Preparing for Configuration Changing the TCP/IP Settings of the Managing ComputerConfiguring the SMCWHSG44-G Entering the PasswordSetup Wizard Selecting an Operational Mode HomePage Router with a DHCP-Based DSL/Cable Connection Router with a Static-IP DSL/Cable ConnectionRouter with Multiple DSL/Cable Connections Setup Wizard Configuring Dhcp Server Settings Setup Wizard Configuring Ieee 802.11 SettingsConfiguring User Authentication Settings Web RedirectionLocal Authentication Sever Authentication protocolPage How to Setup the Mini-POS Ticket Printer Account Table ListIeee Configuring Radius Settings Radius Settings Allowable Authentication ModesSetting up Client Computers Deploying the SMCWHSG44-GConfiguring TCP/IP-Related Settings Configuring Ieee 802.11-Related SettingsTo establish a wireless link to an AP Page Authentication Success Logout OverviewMenu Structure Page Status Associated Wireless Clients Save, Save & Restart, and Cancel CommandsHome and Refresh Commands Authenticated Users Account TableSession List Managed LAN DevicesSpecifying Operational Mode SystemChanging Password Managing FirmwareUpgrading Firmware by Http Backing up and Restoring Configuration Settings by HttpTo upgrade firmware of the SMCWHSG44-G by Http To upgrade firmware of the SMCWHSG44-G by Tftp Upgrading Firmware by TftpBacking up and Restoring Configuration Settings by Tftp To back up configuration of the SMCWHSG44-G by TftpTo restore configuration of the SMCWHSG44-G by Tftp Time Zone Resetting Configuration to Factory DefaultsConfiguring TCP/IP Related Settings Address Router with a DHCP-Based DSL/Cable Connection Router with a Static-IP DSL/Cable Connection DNS DNS Proxy Host Address Resolution NAT BasicDhcp Server To expose preset internal serversVirtual Server Mappings Dhcp Server Basic Ii. Static Dhcp MappingsTo always assign an IP address to a specific Dhcp client Dhcp RelayLoad Balancing Zero Client Reconfiguration Configuring Ieee 802.11-Related Settings Wireless BasicWireless Distribution System Wireless Distribution System Settings To enable a WDS linkSecurity Network Topology Containing a LoopPage MAC-Address-Based Access Control MAC-Address-Based Access Control SettingsIeee 802.1x/RADIUS To deny wireless clients access to the wireless networkTo grant wireless clients access to the wireless network Ieee 802.1x/RADIUS Settings Configuring Authentication Settings AAA Basic Default Authentication Failure Warning Unrestricted Clients To specify an uncontrolled computer by MAC addressWalled Garden Radius BasicRobustness Authentication Session Control Log-On Page Customization SettingsAuthentication Success Page Customization Settings Advertisement Links Settings DdnsIcmp TCP UDP To set a rule for packet filtering VlanFirewall To block Http traffic to an unwelcome Web site URL FiltersManagement Basic UPnP System LogAccess Rules SnmpUnrestricted Host MAC Address Settings LAN Device ManagementExample for LAN Device Management To specify a LAN device to manageDefault Settings Appendix aLED Definitions TCP/IP Setting Problems Page Wireless Settings Problems Other ProblemsAppendix C Distances and Data Rates Network Configuration Transmission output PowerConfiguration and Management StandardsKeypad Access Point AuthenticationBasic Service Set BSS Ad HocDynamic Host Configuration Protocol Dhcp Extended Service Set ESSExtensible Authentication Protocol EAP EncryptionInter Access Point Protocol Iapp Power over Ethernet PoEInfrastructure Local Area Network LANService Set Identifier Ssid Wireless Distribution System WDSWi-Fi Protected Access Session KeyWired Equivalent Privacy WEP WPA Pre-shared Key PSKPage For Technical SUPPORT, Call
Top Page Image Contents