Mac Address Authentication To The Network - Allen-Bradley Stratix 5100 User Manual
Wireless access point/workgroup bridge
Hide thumbs
Also See for Stratix 5100:
- Product information (8 pages) ,
- Product information (8 pages) ,
- Product information (8 pages)
Table of Contents
Advertisement
Chapter 12
Configuring Authentication Types
354
The client uses a one-way encryption of the user-supplied password to generate a
response to the challenge and sends that response to the RADIUS server. By
using information from its user database, the RADIUS server creates its own
response and compares that to the response from the client. When the RADIUS
server authenticates the client, the process repeats in reverse, and the client
authenticates the RADIUS server.
When mutual authentication is complete, the RADIUS server and the client
determine a WEP key that is unique to the client and provides the client with the
appropriate level of network access, thereby approximating the level of security in
a wired switched segment to an individual desktop. The client loads this key and
prepares to use it for the logon session.
During the logon session, the RADIUS server encrypts and sends the WEP key,
called a session key, over the wired LAN to the access point. The access point
encrypts its broadcast key with the session key and sends the encrypted broadcast
key to the client, that uses the session key to decrypt it. The client and access
point activate WEP and use the session and broadcast WEP keys for all
communication during the remainder of the session.
There is more than one type of EAP authentication, but the access point behaves
the same way for each type: it relays authentication messages from the wireless
client device to the RADIUS server and from the RADIUS server to the wireless
client device.
See
Assigning Authentication Types to an SSID on page 359
setting up EAP on the access point.
If you use EAP authentication, you can choose open or shared key
IMPORTANT
authentication, but you don't have to. EAP authentication controls
authentication both to your access point and to your network.
MAC Address Authentication to the Network
The access point relays the wireless client device's MAC address to a RADIUS
server on your network, and the server checks the address against a list of allowed
MAC addresses. Intruders can create counterfeit MAC addresses, so MAC-based
authentication is less secure than EAP authentication.
However, MAC-based authentication provides an alternate authentication
method for client devices that don't have EAP capability.
See the
Assigning Authentication Types to an SSID on page 359
on enabling MAC-based authentication.
If you don't have a RADIUS server on your network, you can create a list of
TIP
allowed MAC addresses on the access point's Advanced Security: MAC Address
Authentication page. Devices with MAC addresses not on the list are not
allowed to authenticate.
Rockwell Automation Publication 1783-UM006A-EN-P - May 2014
for instructions on
for instructions
Advertisement
Table of Contents
Related Manuals for Allen-Bradley Stratix 5100
Related Products for Allen-Bradley Stratix 5100
- Allen-Bradley Kinetix 5100 2198-E1004-ERS
- Allen-Bradley Kinetix 5100 2198-E1007-ERS
- Allen-Bradley Kinetix 5100 2198-E1020-ERS
- Allen-Bradley Kinetix 5100 2198-E1015-ERS
- Allen-Bradley Kinetix 5100 2198-E2030-ERS
- Allen-Bradley Kinetix 5100 2198-E2055-ERS
- Allen-Bradley Kinetix 5100 2198-E2075-ERS
- Allen-Bradley Kinetix 5100 2198-E2150-ERS