With MAC-Address-Based Access Control, you can specify the wireless clients (STAs or Bridge Slaves) that are permitted or not permitted to asso- ciate with the SMCWHSG44-G. When the table type is set to inclusive, entries in the table are permitted to associate and all other users are blocked. When the table type is set to exclusive, entries in the table are not permitted to associate with the SMCWHSG44-G while other users are allowed access.
To deny wireless clients' access to the wireless network:
1.Select Enabled from the Functionality drop-down list.
2.Set the Access control type to exclusive.
3.Specify the MAC address of a wireless client to be denied access, and then click Add.
4.Repeat Step 3 for each other wireless client.
To grant wireless clients' access to the wireless network:
1.Select Enabled from the Functionality drop-down list.
2.Set the Access control type to inclusive.
3.Specify the MAC address of a wireless client to allow access, and then click Add.
4.Repeat Step 3 for each other wireless client.
To delete an entry in the access control table:
• Click Delete next to the entry.
NOTE: The size of the access control table is 64.
2.5.3. IEEE 802.1x/RADIUS
IEEE 802.1x Port-Based Network Access Control is a new standard for solv- ing some security issues associated with IEEE 802.11, such as lack of user- based authentication and dynamic encryption key distribution. With IEEE 802.1x, a RADIUS (Remote Authentication Dial-In User Service) server, and a user account database, an enterprise or ISP (Internet Service Provider) can manage its mobile users' access to its wireless LANs. Before granting access to a wireless LAN supporting IEEE 802.1x, a user has to issue his or her user name and password or digital certificate to the backend RADIUS server by EAPOL (Extensible Authentication Protocol Over LAN). The RADIUS server can record accounting information such as when a user logs on to the wireless LAN and logs off from the wireless LAN for monitoring or billing purposes.
The IEEE 802.1x functionality of the access point is controlled by the security mode (see Section 2.5.2.1). So far, the wireless access point supports two authentication mechanisms-EAP-MD5 (Message Digest version 5), EAP-TLS (Transport Layer Security). If EAP-MD5 is used, the user has to give his or her user name and password for authentication. If EAP-TLS is used, the wireless client computer automatically gives the user's digital certificate that is
