31
Authentication, clients attempting to authenticate to the access point MUST pass these
settings before any subsequent 802.1x authentication is attempted and verified. If no
MAC address filtering is desired, leave this set to the default setting of Disable.
Configure the options as described below. When you are finished, click Apply.
• MAC Authentication— Selecting MAC authentication allows you to define
access permission and precedence. Options are:
Local MAC— With this option, the MAC address of the associating station is
compared against the local access control list. You must build this list (called the
MAC Authentication Table) as described in Local MAC Authentication below.
Use this option if you want to restrict wireless clients authentication to the access
point based off their MAC address.
RADIUS MAC— With this option, the MAC address of the associating station is
sent to the configured RADIUS server for validation. You must specify the
authentication sequence and the corresponding parameters for the remote
authentication protocol. See “RADIUS” on page 29 and “802.1x Wireless
Setup” below.
Disable— No MAC address related checks are performed on a client requesting
authentication to the access point.
• 802.1x Wireless Setup—802.1x is designed to enhance the security management
of the wireless network. Select one of the following options:
Disable— The access point will neither initiate nor respond to any 802.1x
authentication requests to or from wireless clients.
Supported — Legacy clients (non 802.1x) and 802.1x clients are both supported.
This is provided for ease of migration. This option works with WPA key
management set to either “WPA authentication over 802.1x” or “WPA pre-shared
key (PSK)” on the radio security page.
Required — Clients authenticate to a RADIUS server via the access point. Clients
are not allowed onto the wired LAN until authentication is successful.
When 802.1x is enabled, the broadcast and session key rotation intervals can also
be configured. Set these values to force the periodic refresh of broadcast or session
keys for each 802.1x client.
First set up the RADIUS authentication for the client on the RADIUS
authentication server. (See “RADIUS” on page 29.) Select Supported or Required
on the 802.1x Wireless Setup field above. Enter data as described in the following
table.
Field Default Description
Broadcast Key Refresh Rate 0
(minutes)
Defines how long the RADIUS server will
refresh the primary broadcast key.