5-11
Authentication
The access point can also operate in a 802.1X supplicant mode. This enables the
access point itself to be authenticated with a RADIUS server using a configured
MD5 user name and password. This prevents rogue access points from gaining
access to the network.
Take note of the following points before configuring MAC address or 802.1X
authentication:
Use MAC address authentication for a small network with a limited number of
users. MAC addresses can be manually configured on the access point itself
without the need to set up a RADIUS server, but managing a large number of
MAC addresses across many access points is very cumbersome. A RADIUS
server can be used to centrally manage a larger database of user MAC
addresses.
Use IEEE 802.1X authentication for networks with a larger number of users and
where security is the most important issue. When using 802.1X authentication,
a RADIUS server is required in the wired network to centrally manage the
credentials of the wireless clients. It also provides a mechanism for enhanced
network security using dynamic encryption key rotation or W-Fi Protected
Access (WPA).
NOTE: If you configure RADIUS MAC authentication together with 802.1X,
RADIUS MAC address authentication is performed prior to 802.1X authentication.
If RADIUS MAC authentication succeeds, then 802.1X authentication is
performed. If RADIUS MAC authentication fails, 802.1X authentication is not
performe
d.