WFS709TP ProSafe Smart Wireless Switch Software Administration Manual

beyond the authentication process; to ensure privacy of user data, some form of link-layer encryption (such as WEP or WPA-PSK) should be used when sensitive data will be sent over the wireless network.

MAC Address Authentication

MAC address authentication is the process of examining the media access control (MAC) address of an associated device, comparing it to an internal or RADIUS database, and changing the user role to an authenticated state. MAC address authentication is not a secure form of authentication, as the MAC address of a network interface card (NIC) can be changed in software. MAC address authentication is useful for devices that cannot support a more secure form of authentication, such as barcode scanners, voice handsets, or manufacturing instrumentation sensors.

User roles mapped to MAC address authentication should be linked to restrictive policies to permit only the minimum required communication. Whenever possible, WEP encryption should also be employed to prevent unauthorized devices from joining the network.
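The lookup and role restriction described above, modelled in Python as an added example (not NETGEAR code and not WFS709TP configuration syntax). The MAC entries, role names, addresses, ports and rule format are all constructed for illustration.

```python
import ipaddress
import re

# Constructed internal database: normalized MAC -> role (a RADIUS lookup would fill the same slot).
MAC_DB = {
    "00:1a:2b:3c:4d:5e": "barcode-scanner",
    "00:1a:2b:aa:bb:cc": "voice-handset",
}
# Constructed per-role allow rules: (protocol, destination network, destination port).
# Any flow that matches no rule is denied.
ROLE_POLICY = {
    "barcode-scanner": [("tcp", "10.20.0.10/32", 8443)],
    "voice-handset": [("udp", "10.30.0.0/28", 5060)],
}
UNAUTH_ROLE = "logon"  # hypothetical name for the unauthenticated role


def normalize_mac(mac):
    """Accept aa-bb-cc-dd-ee-ff, aabb.ccdd.eeff or AA:BB:..; return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[-:.]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def authenticate(mac):
    """Role for an associated station. The MAC it presents is the only input,
    which is why the mapped role has to be restrictive."""
    return MAC_DB.get(normalize_mac(mac), UNAUTH_ROLE)


def permitted(role, proto, dst_ip, dst_port):
    """Default-deny check of one flow against the role's allow rules."""
    dst = ipaddress.ip_address(dst_ip)
    return any(
        proto == p and dst in ipaddress.ip_network(net) and dst_port == port
        for p, net, port in ROLE_POLICY.get(role, [])
    )


def broad_rules(policy, max_hosts=16):
    """Audit helper: (role, rule) pairs whose destination covers more than max_hosts addresses."""
    return [
        (role, rule)
        for role, rules in policy.items()
        for rule in rules
        if ipaddress.ip_network(rule[1]).num_addresses > max_hosts
    ]
```

Running `broad_rules(ROLE_POLICY)` over the roles assigned by MAC address authentication gives a quick list of rules that permit more than the minimum required communication.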

Client Mobility and AP Association

When a wireless client associates with an AP, it retains the association for as long as possible. Generally, a wireless client only drops the association if the number of errors in data transmission is too high or the signal strength is too weak.

When a wireless client roams from one AP to another, the WFS709TP can automatically maintain the client’s authentication and state information. Clients do not need to reauthenticate or reassociate; the client only changes the radio that it uses. A client roaming between APs that are connected to the same WFS709TP maintains its original IP address and existing IP sessions.

You can also enable client mobility on all switches in a master WFS709TP’s hierarchy. This allows clients to roam between APs that are connected to different switches without needing to reauthenticate or obtain a new IP address. When a client associates with an AP, the client information is sent to the master WFS709TP. The master WFS709TP pushes out the client information to all local switches in its hierarchy. If the client roams to an AP connected to a different switch, the new switch recognizes the client and tunnels the client traffic back to the original switch.

Overview of the WFS709TP


v1.0, June 2007
