802.1x RADIUS Support 19
3Com 128-bit Dynamic Security Link Encryption. 3Com’s proprietary 128-bit
Dynamic Security Link is built into the access point and permits user-level
authentication. This option can be used only with local access point
authentication. Users must log in with username and password. (The access point
username and password database can support up to 1000 names.) Once the user
is authenticated, the access point dynamically creates a unique 128-encryption key
for the user for that session. Encryption keys are generated automatically and so
do not need to be supplied. To take advantage of this security setting, clients must
use a 3Com Wireless LAN PC Card (model 3CRWE62092A).
802.1x RADIUS Support The IEEE 802.1x standard specifies a general method for the provision of
port-based network access control. It provides an architecture framework for
User-RADIUS authentication through an authenticator such as a wireless access
point or a switch. The access point supports any RADIUS implementation
compliant with RFC 2865 and following standard EAP, RFC 2284, 2716, and 2548
protocols. This includes support for port-based network access control, which
permits standard security protocols such as EAP and RADIUS to provide centralized
user identification, authentication, dynamic key management, and accounting.
(The access point supports RADIUS Accounting per RFC2866: Username, Start
time, Stop time, and Packet input/output.)
Using the Wireless 802.1x Agent 3Com provides a software utility to allow Windows clients to authenticate to the
Access Point 8000 using either EAP-MD5 or 3Com Serial Authentication. The
802.1x agent can be used with any vendor’s PC card, but to take advantage of
3Com’s Serial Authentication, it must be used with a 3Com Wireless LAN PC Card
(model 3CRWE62092A) that has been upgraded to the latest firmware. A copy of
the agent must be installed on each client computer
Use the 3Com CD to install the wireless 802.1x agent on systems running under,
Windows 98, Windows 98 SE, Windows ME, Windows NT 4.0 with Service Pack
6a, Windows 2000, or Windows XP. Systems running under Windows XP include
support for EAP-MD5 and EAP-TLS. On Windows XP, the 802.1x agent is only
required when using 3Com’s Serial Authentication.
Authentication and
Login Authentication is initiated by associating to the access point. Alternatively,
authentication can be manually initiated by selecting Start from the 802.1x agent
menu. At login, the agent prompts for user name and password. The user name
and password must match the name and password maintained by the RADIUS
server.
When the agent is running, a status icon in the system tray monitors the
authentication process. The appearance of this icon changes to reflect the current
state of the authentication process. If the user hovers the mouse over the icon, a
tool tip also appears to indicate the current authentication status.
3Com does not supply RADIUS software or configuration instructions other than
what is applicable for access point configuration. Refer to your system
administrator for additional third-party software and configuration information.
The access point supports any RADIUS server that complies with RFC 2865 and
follows standard EAP, RFC 2284, 2716, and 2548.