Combining Mac-Based, Eap, And Open Authentication - Allen-Bradley Stratix 5100 User Manual

If MAC-authenticated clients on your wireless LAN roam frequently, you can
TIP
enable a MAC authentication cache on your access points. MAC authentication
caching reduces overhead because the access point authenticates devices in its
MAC-address cache without sending the request to your authentication server.
See Configuring MAC Authentication Caching on page 366
enabling this feature.
This figure shows the authentication sequence for MAC-based authentication.
Figure 94 - Sequence for MAC-Based Authentication
Client
device
1. Authentication request
2. Authentication success
3. Association request
4. Association response
(block traffic from client)

Combining MAC-Based, EAP, and Open Authentication

You can set up the access point to authenticate client devices by using a
combination of MAC-based and EAP authentication. When you enable this
feature, client devices that associate to the access point by using 802.11 open
authentication first attempt MAC authentication; if MAC authentication
succeeds, the client device joins the network. If MAC authentication fails, EAP
authentication takes place.
See the Assigning Authentication Types to an SSID on page 359
on setting up this combination of authentications.
Rockwell Automation Publication 1783-UM006A-EN-P - May 2014
Configuring Authentication Types
Wired LAN
Access point
or bridge
5. Authentication request
6. Success
7. Access point or bridge unblocks
traffic from client
Chapter 12
for instructions on
Server
for instructions
355