Alfa Network AWAP05O User Manual page 62

6
System Configuration
• System Default: Specifies a default action for all unknown MAC addresses (that is,
those not listed in the local MAC database).
- Deny: Blocks access for all MAC addresses except those listed in the local
database as "Allow."
- Allow: Permits access for all MAC addresses except those listed in the local
database as "Deny."
• MAC Authentication Settings: Enters specified MAC addresses and permissions
into the local MAC database.
- MAC Address: Physical address of a client. Enter six pairs of hexadecimal digits
separated by hyphens; for example, 00-90-D1-12-AB-89.
- Permission: Select Allow to permit access or Deny to block access. If Delete is
selected, the specified MAC address entry is removed from the database.
- Update: Enters the specified MAC address and permission setting into the local
database.
• MAC Authentication Table: Displays current entries in the local MAC database.
Client station MAC authentication occurs prior to the IEEE 802.1x
Note:
authentication procedure configured for the access point. However, a client's
MAC address provides relatively weak user authentication, since MAC
addresses can be easily captured and used by another station to break into
the network. Using 802.1x provides more robust user authentication using
user names and passwords or digital certificates. So, although you can
configure the access point to use MAC address and 802.1x authentication
together, it is better to choose one or the other, as appropriate.
802.1x Setup – IEEE 802.1x is a standard framework for network access control that
uses a central RADIUS server for user authentication. This control feature prevents
unauthorized access to the network by requiring an 802.1x client application to
submit user credentials for authentication. The 802.1x standard uses the Extensible
Authentication Protocol (EAP) to pass user credentials (either digital certificates,
user names and passwords, or other) from the client to the RADIUS server. Client
authentication is then verified on the RADIUS server before the access point grants
client access to the network.
The 802.1x EAP packets are also used to pass dynamic unicast session keys and
static broadcast keys to wireless clients. Session keys are unique to each client and
are used to encrypt and correlate traffic passing between a specific client and the
access point. You can also enable broadcast key rotation, so the access point
provides a dynamic broadcast key and changes it at a specified interval.
You can enable 802.1x as optionally supported or as required to enhance the
security of the wireless network.
• Disable: The access point does not support 802.1x authentication for any wireless
client. After successful wireless association with the access point, each client is
allowed to access the network.
6-12