Table of Contents
Advertisement
WAB–3000 Wireless Access Point
MAC Address Filtering
The MAC address, short for Media Access Control address, is a hard-
ware address that uniquely identifies each node of a network. In IEEE 802
networks, the Data Link Control (DLC) layer of the OSI Reference Model
is divided into two sub-layers: the Logical Link Control (LLC) layer and the
Media Access Control (MAC) layer. The MAC layer interfaces directly with
the network media. Consequently, each type of network media requires a
unique MAC address.
Authentication is the process of proving a client identity. The
WAB–3000 access points, if set up to use MAC address filtering, detect
an attempt to connect by a client and compare the client's MAC address
to those on a predefined MAC address filter list. Only client addresses
found on the list are allowed to associate. MAC addresses are pre-as-
signed by the manufacturer for each wireless card.
DHCP Server
The DHCP function is accessible only from the local LAN port to be
used for initial configuration.
Operator Authentication and Management
Authentication mechanisms are used to authenticate an operator ac-
cessing the device and to verify that the operator is authorized to assume
the requested role and perform services within that role. The WAB–3000
provides authentication services for all users of the wireless network
when they first attempt to connect. While the user must log in, basic non-
user generated information is allowed to pass on the wireless network
prior to authentication, including the authentication data to and from
the authentication server and audit records passed from the client to the
server. The user is not allowed to specifically send any traffic over the net-
work until successful authentication. Once successfully authenticated, all
actions taken by that user (such as accessing a connected printer) and by
processes created or started by that user, will be associated with that user,
binding the credentials from the user account to all subsequent user pro-
cesses. This ensures that all processes and network traffic are authorized.
User accounts are defined with three basic attributes: username, role
and authentication credentials (i.e. password). A user account can be
defined as a normal user or as an administrator. Administrative users can
access the TOE management interface in addition to being able to use the
wireless network, while normal users can only access the wireless net-
work.
The TOE authentication sequence includes a counter for unsuccessful
attempts. When a user or administrator fails to enter the correct creden-
tials after a specified number of attempts (the default is 3), the account
will be locked. The account must then be unlocked by a Crypto Officer in
the case of an administrator locking their account). This is active for ac-
cess to the management website.
10
Chapter 1: Introduction
29000171-001 A
Advertisement
Table of Contents
