802.1x EAP-MD5.The IEEE 802.1x functionality is enabled and the username/password-based EAP-MD5 authentication is used. No data encryption.
802.1x EAP-MD5 + 64-bit WEP. The IEEE 802.1x functionality is enabled and the username/password-based EAP-MD5 authentication is used. Data encryption is achieved by 64-bit WEP.
802.1x EAP-MD5 + 128-bit WEP. The IEEE 802.1x functionality is enabled and the username/password-based EAP-MD5 authentication is used. Data encryption is achieved by 128-bit WEP.
802.1x EAP-TLS; no encryption. The IEEE 802.1x functionality is enabled and the digital certificate-based EAP-TLS user authentication. No data encryption is used.
802.1x EAP-TLS64-bit key. The IEEE 802.1x functionality is enabled and the digital certificate- based EAP-TLS (Transport Layer Security) user authentication and data encryption is used. Session keys are 64-bit.
802.1x EAP-TLS128-bit key. The IEEE 802.1x functionality is enabled and the digital certificate-based EAP-TLS user authentication and data encryption is used. Session keys are 128-bit.
See Section 3.4.3 for more information about IEEE 802.1x.
With MAC-Address-Based Access Control, you can specify the wireless client computers that are permitted or not permitted to connect to the advanced AP. When the table type is set to inclusive, entries in the table are permitted to connect to the advanced AP. When the table type is set to exclusive, entries in the table are not permitted to connect to the advanced AP.
To deny wireless clients’ access to the wireless network:
1.Select Enabled from the Functionality drop-down list.
2.Set the Access control type to exclusive.
3.Specify the MAC address of a wireless client to be denied access, and then click Add.
4.Repeat Steps 3 for other wireless clients.
To grant wireless clients’ access to the wireless network:
1.Select Enabled from the Functionality drop-down list.
2.Set the Access control type to inclusive.
3.Specify the MAC address of a wireless client to be granted access, and then click Add.
4.Repeat Steps 3 for other wireless clients.
To delete an entry in access control table:
Click Delete next to the entry.
3.4.3IEEE 802.1x/RADIUS
IEEE 802.1x Port-Based Network Access Control is a new standard for solving some security issues associated with IEEE 802.11, such as lack of user-based authentication and dynamic encryption key distribution. With IEEE 802.1x and the help of a RADIUS (Remote Authentication Dial-In User Service) server and a user account database, an enterprise or ISP (Internet Service Provider) can manage its mobile users' access to its wireless LANs. Before granted access to a wireless LAN supporting IEEE 802.1x, a user has to issue his or her user name and password or digital certificate to the backend RADIUS server by EAPOL (Extensible Authentication Protocol Over LAN). The RADIUS server can record accounting information such as when a user logs on to the wireless LAN and logs off from the wireless LAN for monitoring or billing purposes.