Filter
Top Products
118 Operation
Chapter 4 - System Configuration
4.6.2.4 Configuring 802.1X
IEEE 802.1X is a standard framework for network access control that uses a
central RADIUS server for user authentication. This control feature prevents
unauthorized access to the network by requiring an 802.1X client application to
submit user credentials for authentication. The 802.1X standard uses the
Extensible Authentication Protocol (EAP) to pass user credentials (either digital
certificates, user names and passwords, or other) from the client to the RADIUS
server. Client authentication is then verified on the RADIUS server before the
access point grants client access to the network.
The 802.1X EAP packets are also used to pass dynamic unicast session keys and
static broadcast keys to wireless clients. Session keys are unique to each client
and are used to encrypt and correlate traffic passing between a specific client and
the access point. You can also enable broadcast key rotation, so the access point
provides a dynamic broadcast key and changes it at a specified interval.
Open the Security page, and click More for one of the VAP interfaces.
Enterprise AP(config)#interface wireless g 215
Enter Wireless configuration commands, one per line.
Enterprise AP(if-wireless g)#vap 0
Enterprise AP(if-wireless g: VAP[0])#auth wpa required
Data Encryption is set to Enabled.
WPA2 Clients mode is set to Disabled.
WPA Clients Mode is set to Required.
WPA Multicast Cipher is set to TKIP.
WPA Unicast Cipher can accept TKIP only.
WPA Authentication is set to 802.1X Required.
Enterprise AP(if-wireless g: VAP[0])#802.1X broadcast-key-refresh-rate 5
Enterprise AP(if-wireless g: VAP[0])#802.1X
session-key-refresh-rate 5
Enterprise AP(if-wireless g: VAP[0])#802.1X session-timeout 300
Enterprise AP(if-wireless g: VAP[0])#
Figure 4-27: 802.1X Configuration