Security
When you enable 802.1x, you can also enable the broadcast and session key rotation intervals.
–Broadcast Key Refresh Rate sets the interval at which the broadcast keys are refreshed for stations using 802.1x dynamic keying. (Range: 0‐1440 minutes; Default: 0 means disabled)
–Session Key Refresh Rate specifies the interval at which the access point refreshes unicast session keys for associated clients. (Range: 0‐1440 minutes; Default: 0 means disabled)
–802.1x Session Timeout sets the time period after which a connected client must be re‐ authenticated. During the re‐authentication process of verifying the client’s credentials on the RADIUS server, the client remains connected to the network. Only if re‐authentication fails is network access blocked. Default: 60 minutes.
•MAC Authentication configures how the access point uses MAC addresses to authorize wireless clients to access the network. This authentication method provides a basic level of authentication for wireless clients attempting to gain access to the network. A database of authorized MAC addresses can be stored locally on the Access Point 3000 or remotely on a central RADIUS server. (Default: Local MAC)
–Local MAC indicates that the MAC address of the associating station is compared against the local database stored on the access point. Local MAC Authentication enables the local database to be set up.
–RADIUS MAC specifies that the MAC address of the associating station is sent to a configured RADIUS server for authentication.
To use a RADIUS authentication server for MAC address authentication, the access point must be configured to use a RADIUS server, see RADIUS (page 4‐9).
–Disable specifies that the access point does not check an associating station’s MAC address.
If you specify RADIUS MAC for this default interface or VAP, you must specify the following parameters:
–MAC Authentication Password specifies the authentication password this radio interface or VAP sends to the RADIUS server to authenticate MAC addresses.
–MAC Authentication Session Timeout specifies the amount of time after which you want a MAC authentication session to timeout between the AP and the RADIUS server.
If you specify Local MAC for this default interface or VAP, you must specify Local MAC Authentication settings that configure the local MAC authentication database. The MAC database provides a mechanism to take certain actions based on a wireless client’s MAC address. You can configure The MAC list can be configured to allow or deny network access to specific clients.
–System Default specifies a default action for all unknown MAC addresses (that is, those not listed in the local MAC database).
‐Deny blocks access for all MAC addresses except those listed in the local database as “Allow”.
‐Allow permits access for all MAC addresses except those listed in the local database as “Deny”.
RoamAbout Access Point 3000 Configuration Guide
