3Com 3CRWE875075A, 3CRWE850075A Field, Default, Description, Broadcast Key Refresh Rate, minutes

n

n

MAC Authentication— Selecting MAC authentication allows you to define access permission and precedence. Options are:

Local MAC— With this option, the MAC address of the associating station is compared against the local access control list. You must build this list (called the MAC Authentication Table) as described in Local MAC Authentication below. Use this option if you want to restrict wireless clients authentication to the access point based off their MAC address.

RADIUS MAC— With this option, the MAC address of the associating station is sent to the configured RADIUS server for validation. You must specify the authentication sequence and the corresponding parameters for the remote authentication protocol. See “RADIUS” on page 30 and “802.11x Setup” below.

Disable— No MAC address related checks are performed on a client requesting authentication to the access point.

802.1x Setup—802.1x is designed to enhance the security management of the wireless network. Select one of the following options:

Disable— The access point will neither initiate nor respond to any 802.1x authentication requests to or from wireless clients.

Supported — Legacy clients (non 802.1x) and 802.1x clients are both supported. This is provided for ease of migration. This option works with WPA key management set to either “WPA authentication over 802.1x” or “WPA pre-shared key (PSK)” on the radio security page.

Required — Clients authenticate to a RADIUS server via the access point. Clients are not allowed onto the wired LAN until authentication is successful. If two Radios are installed and WPA is being used, both radios’ security must be set to “WPA authentication over 802.1x” for the WPA key management when 802.1x is Required. If one radio’s security is set to “WPA pre-shared key (PSK)” for WPA key management and the other is “WPA authentication over 802.1x”, then the 802.1x Setup must be set to “Supported” instead.

When 802.1x is enabled, the broadcast and session key rotation intervals can also be configured. Set these values to force the periodic refresh of broadcast or session keys for each 802.1x client.

First set up the RADIUS authentication for the client on the RADIUS authentication server. (See “RADIUS” on page 30.) Select Supported or Required on the 802.1x Setup field above. Enter data as described in the following table.