Web: Configuring Mac Address Authentication - HP ProCurve 420 Management And Configuration Manual
Hide thumbs
Also See for ProCurve 420:
- Management and configuration manual (257 pages) ,
- Getting started manual (94 pages) ,
- Installation and getting started manual (78 pages)
Table of Contents
Advertisement
N o t e
Web: Configuring MAC Address Authentication
The access point can be configured to authenticate client MAC addresses
against a database stored locally on the access point or remotely on a RADIUS
server. Client MAC addresses in the local database can be specified as allowed
or denied access the network. This enables the access point to control which
devices can associate with the access point.
If a RADIUS authentication server is used for MAC authentication, the server
must first be configured in the RADIUS window.
Client station MAC authentication occurs prior to any IEEE 802.1x authenti
cation configured for the access point. However, a client's MAC address
provides relatively weak user authentication, since MAC addresses can be
easily captured and used by another station to break into the network. Using
802.1x provides more robust user authentication using user names and pass-
words or digital certificates. So, although you can configure the access point
to use MAC address and 802.1x authentication together, it is better to choose
one or the other, as appropriate. Consider the following guidelines:
■
Use MAC address authentication for a small network with a limited
number of users. MAC addresses can be manually configured on the
access point itself without the need to set up a RADIUS server. The access
point supports up to 1024 MAC addresses in its filtering table, but
managing a large number of MAC addresses across more than one access
point quickly becomes very cumbersome.
■
Use IEEE 802.1x authentication for networks with a larger number of
users and where security is the most important issue. A RADIUS server is
required in the wired network to control the user credentials (digital
certificates, smart cards, passwords, or other) of wireless clients. The
802.1x authentication approach provides a standards-based, flexible, and
scalable solution that can be centrally managed. However, implementing
802.1x requires more resources and skills to operate and maintain a
RADIUS server and manage a large database of user credentials.
The Authentication window on the Security tab enables the access point to be
configured to use MAC address authentication.
The web interface enables you to modify these parameters:
■
MAC Authentication: The type of authentication method the system
employs when authenticating a wireless client's MAC address.
Access Point Configuration
Configuring Wireless Security
5-53
Advertisement
Table of Contents
