Table of Contents
Advertisement
14.2
Supported Authentication Methods
802.1X Authentication
802.1X is an IEEE standard that provides an authentication framework for WLANs. The
802.1X standard uses the Extensible Authentication Protocol (EAP) to exchange messages
during the authentication process. The authentication protocols that operate inside the
802.1X framework include EAP-Transport Layer Security (EAP- TLS), Protected EAP
(PEAP), and EAP-Tunneled TLS (EAP-TTLS). These protocols allow the network to
authenticate the client while also allowing the client to authenticate the network. For more
information on EAP authentication framework supported by the APs, see Supported EAP
Authentication Frameworks .
The 802.1X authentication method allows an AP to authenticate the identity of a user before
providing network access to the user. The Remote Authentication Dial In User Service
(RADIUS) protocol provides centralized authentication, authorization, and accounting
management. For authentication purpose, the wireless client can associate to a network
access server (NAS) or RADIUS client such as a wireless AP. The wireless client can pass
data traffic only after a successful 802.1X authentication.
For more information on configuring an AP to use 802.1X authentication, see Configuring
802.1X Authentication for a Network Profile.
MAC Authentication
MAC authentication is used for authenticating devices based on their physical MAC
addresses. MAC authentication requires that
the MAC address of a machine matches a manually defined list of addresses. This
authentication method is not recommended for scalable networks and the networks that
require stringent security settings. For more information on configuring an AP to use MAC
authentication, see Configuring MAC Authentication for a Network Profile.
MAC Authentication with 802.1X Authentication
This authentication method has the following features:
MAC authentication precedes 802.1X authentication—The administrators can enable MAC
authentication for 802.1X authentication. MAC authentication shares all the authentication
server configurations with 802.1X authentication. If a wireless or wired client connects to the
network, MAC authentication is performed first. If MAC authentication fails, 802.1X
authentication does not trigger. If MAC authentication is successful, 802.1X authentication is
attempted. If 802.1X authentication is successful, the client is assigned an 802.1X
authentication role. If 802.1X authentication fails, the client is assigned a deny-all role or
mac-auth-only role.
MAC authentication only role—Allows you to create a mac-auth-only role to allow role-based
access rules when MAC authentication is enabled for 802.1X authentication. The mac-auth-
only role is assigned to a client when the MAC authentication is successful and 802.1X
authentication fails. If 802.1X authentication is successful, the mac-auth-only role is
overwritten by the final role. The mac-auth-only role is primarily used for wired clients.
SCALANCE W1750D UI
Configuration Manual, 02/2018 , C79000-G8976-C451-02
Authentication and User Management
14.2 Supported Authentication Methods
203
Hide quick links:
Advertisement
Table of Contents
