Cisco Systems DL-2159-05 manual Wired LAN Client

Chapter 8 Security Setup

Security Overview

•MAC address—The access point relays the wireless client device’s MAC address to a RADIUS server on your network, and the server checks the address against a list of allowed MAC addresses. If you don’t have a RADIUS server on your network, you can create the list of allowed MAC addresses on the access point’s Address Filters page. Devices with MAC addresses not on the list are not allowed to authenticate. Intruders can create counterfeit MAC addresses, so MAC-based authentication is less secure than EAP authentication. However, MAC-based authentication provides an alternate authentication method for client devices that do not have EAP capability. See the “Setting Up MAC-Based Authentication” section on page 8-21for instructions on enabling MAC-based authentication.

Figure 8-3shows the authentication sequence for MAC-based authentication.

Figure 8-3 Sequence for MAC-Based Authentication

Wired LAN

•Open—Allows any device to authenticate and then attempt to communicate with the access point. Using open authentication, any wireless device can authenticate with the access point, but the device can only communicate if its WEP keys match the access point’s. Devices not using WEP do not attempt to authenticate with an access point that is using WEP. Open authentication does not rely on a RADIUS server on your network.

Figure 8-4shows the authentication sequence between a device trying to authenticate and an access point using open authentication. In this example, the device’s WEP key does not match the access point’s key, so it can authenticate but not pass data.

Cisco Aironet 1200 Series Access Point Software Configuration Guide