Motorola RFS Series Reference Manual page 32

1-22 Motorola RF Switch Systen Reference
uses the MAC address of the MU as both the username and password (this configuration is also expected
on the Radius server). MAC-Auth supports all encryption types, and (in case of 802.11i) the handshake is
completed before the Radius lookup begins. For information on configuring 802.1x EAP for a WLAN, see
Configuring MAC Authentication on page
1.2.5.3 Secure Beacon
Devices in a wireless network use Service Set Identifiers (SSIDs) to communicate. An SSID is a text string
up to 32 bytes long. An AP in the network announces its status by using beacons. To avoid others from
accessing the network, the most basic security measure adopted is to change the default SSID to one not
easily recognizable, and disable the broadcast of the SSID.
The SSID is a code attached to all packets on a wireless network to identify each packet as part of that
network. All wireless devices attempting to communicate with each other must share the same SSID. Apart
from identifying each packet, the SSID also serves to uniquely identify a group of wireless network devices
used in a given service set.
1.2.5.4 MU to MU Disallow
Use MU to MU Disalllow to restrict MU to MU communication within a WLAN. The default is 'no', which
allows MUs to exchange packets with other MUs. It does not prevent MUs on other WLANs from sending
packets to this WLAN. You would have to enable MU to MU Disallow on the other WLAN. To define how MU
to MU traffic is permitted for a WLAN, see Editing the WLAN Configuration on page 4-25.
1.2.5.5 802.1x Authentication
802.1x Authentication cannot be disabled (its always enabled). A factory delivered out-of-the-box
AP300 supports 802.1x authentication using a default username and password. EAP-MD5 is used for 802.1x.
When you initially switch packets on an out-of-the-box AP300 port, it immediately attempts to authenticate
using 802.1x. Since 802.1x supports supplicant initiated authentication, the AP300 attempts to initiate the
authentication process.
On reset (all resets including power-up), the AP300 sends an EAPOL start message every time it sends a Hello
message (periodically every 1 second). The EAPOL start is the supplicant initiated attempt to become
authenticated.
If an appropriate response is received in response to the EAPOL start message, the AP300 attempts to
proceed with the authentication process to completion. Upon successful authentication, the AP300 transmits
the Hello message and the download proceeds the way as it does today.
If no response is received from the EAPOL start message, or if the authentication attempt is not successful,
the AP300 continues to transmit Hello messages followed by LoadMe messages. If a parent reply is received
in response to the Hello message, then downloading continue normally - without authentication. In this case,
you need not enable or disable the port authentication.
802.1x authentication is conducted:
• At power up
• On an AP300 operator initiated reset (such as pulling Ethernet cable)
• When the switch administrator initiates a reset of the AP300.
• When re-authentication is initiated by the Authenticator (say the switch in between)
4-43.