You can set up the access point to authenticate
client devices using a combination of MAC-based and EAP authentication.
When you enable this feature, client devices that associate to the
access point using 802.11 open authentication first attempt MAC
authentication. If MAC authentication succeeds, the client device
joins the network. If the client is also using EAP authentication,
it attempts to authenticate using EAP. If MAC authentication fails,
the access point waits for the client device to attempt EAP authentication.
MAC Addresses Authenticated by
If you want the authentication to be stored
on the access point, choose Local List Only and enter MAC
addresses. If you want the authentication to be stored on the server,
choose the Authentication Server Only option. Choose Authentication
Server if not found in Local List if you want to try MAC authentication
list first and then automatically try the Authentication server
list. If the authentication succeeds, the client joins the network.
You are required to define at least one server
and check Use for MAC Authentication on the Server
Manager window if you select either Authentication Server Only
or Authentication Server if not found in Local List.
MAC Authentication Client Holdoff
This feature is currently not available.
Local List
The MAC addresses appear in the Local List. The
MAC addresses remain in the management system until you remove them.
To remove the MAC address from the list, select it and click Delete.
New MAC Address
If you need to enter a new MAC address, type the
address with periods separating character pins. Then click Apply
to put the MAC address in the management system. You must also enable
MAC address authentication on the SSID
Manager window. You can navigate to the Association
page to verify that the preconfigured clients were associated and
authenticated.
EAP Authentication
The EAP authentication designates the server as
an authenticator for any EAP type, including LEAP, EAP-TLS, and
EAP-MD5.
EAP Reauthentication
Interval
Click Disable Reauthentication if you don't
want to force reauthentication and the switching of encryption keys.
If you choose to enable it, you can set the timeframe for reauthentication.
Clicking Enable Reauthentication with Interval forces reauthentication
and switching of encryption keys. You can also choose to enable
reauthentication using the interval provided by the authentication
server.
EAP Client Timeout (optional)
The amount of time the access point waits for a
wireless client to reply with EAP authentication information. After
the time expires, the association manager module in the access point
disassociates the client.
See Also: Enabling
and Configuring Local MAC Authentication,
Advanced Security: MAC Address Authentication,
Advanced Security: Association Access List
|