Motorola WS5100 manual: 1.2.5.3 Secure Beacon, 1.2.5.4 MU to MU Allow, 1.2.5.5 MU to MU Disallow

Models: WS5100


1-20 WS5100 Series Switch System Reference Guide

uses the MAC address of the MU as both the username and password (this configuration is also expected on the Radius server). MAC-Auth supports all encryption types, and (in case of 802.11i) the handshake is allowed to be completed before the Radius lookup begins. For information on configuring 802.1x EAP for a WLAN, see Configuring Dynamic MAC ACL on page 4-36.

1.2.5.3 Secure Beacon

All the devices in a wireless network use Service Set Identifiers (SSIDs) to communicate. An SSID is a text string up to 32 bytes long. An AP in the network announces its status by using beacons. To keep others from accessing the network, the most basic security measure is to change the default SSID to one that is not easily recognizable and to disable broadcast of the SSID.

The SSID is a code attached to all packets on a wireless network to identify each packet as part of that network. All wireless devices attempting to communicate with each other must share the same SSID. Apart from identifying each packet, the SSID also serves to uniquely identify a group of wireless network devices used in a given service set.

1.2.5.4 MU to MU Allow

MU to MU allow enables frames from one MU (where the destination MAC is that of another MU) to be switched to the second MU.

1.2.5.5 MU to MU Disallow

Use MU to MU Disallow to restrict MU to MU communication within a WLAN. The default is ‘no’, which allows MUs to exchange packets with other MUs. It does not prevent MUs on other WLANs from sending packets to this WLAN. You would have to enable MU to MU Disallow on the other WLAN.

1.2.5.6 Switch-to-Wired

The MU frames are switched out to the wired network (out of the switch). Another upstream device decides whether the frame should be sent back to the second MU, and if so it sends the frame back to the switch, and it is switched out just like any other frame on the wire. This allows a drop/allow decision to be made by a device other than the wireless switch.

1.2.5.7 802.1x Authentication

802.1x Authentication cannot be disabled (it's always enabled). A factory delivered out-of-the-box AP300 supports 802.1x authentication using a default username and password. EAP-MD5 is used for 802.1x.

The default username is admin

The default password is symbol

When you initially switch packets on an out-of-the-box AP300 port, it immediately attempts to authenticate using 802.1x. Since 802.1x supports supplicant initiated authentication, the AP300 attempts to initiate the authentication process.

On reset (all resets including power-up), the AP300 sends an EAPOL start message every time it sends a Hello message (periodically every 1 second). The EAPOL start is the supplicant initiated attempt to become authenticated.

If an appropriate response to the EAPOL start message is received, the AP300 attempts to proceed with the authentication process to completion. Upon successful authentication, the AP300 transmits the Hello message and the download proceeds the way it does today.
