Enterasys Networks 802.11 Network Card User Manual


 
Security
Authentication
The RoamAbout AP supports authentication of wireless workgroup clients. An AP can
authenticate clients based on:
MAC address
802.1X
Both MAC address and 802.1X (Hybrid authentication)
When using any of these types of authentication, you must configure the AP as a RADIUS
client.
RADIUS Client
RADIUS (Remote Authentication Dial In User Service) is a protocol that the AP uses to
communicate with a remote Authentication Server. Separating the Authentication Server
from the AP means that several APs can share the same centralized authorization database.
However, it also means that to successfully authenticate wireless clients, you must
configure the AP as a RADIUS client.
When configured as a RADIUS client, the AP passes user authentication information to a
designated RADIUS Server. The RADIUS Server receives inbound user connection
requests, processes the requests to authenticate the user, then responds to the AP with the
necessary information to deliver service to the user. The AP acts on the response that is
returned by the RADIUS Server to allow or deny the user’s access to the network.
The AP and RADIUS Server authenticate transactions through the use of a shared secret,
which is never sent over the network. They use the shared secret to encrypt RADIUS
attributes containing passwords or other sensitive data. This protection greatly
reduces the possibility that passwords or other secrets are disclosed.
If you enable authentication on the AP without configuring it as a RADIUS client, the AP
will be unable to contact the Authentication Server. Therefore, the AP will assume that all
of the clients on the controlled ports are unauthorized and will prevent access to the LAN.
MAC Address Authentication
MAC address authentication is a form of authentication that does not place any special
requirements upon clients. The RADIUS Server is configured with the MAC addresses of
the wireless clients. When a client associates with the wireless LAN, the AP uses the
client’s MAC address as the user name. The client is unaware that MAC address
authentication is taking place, except to the extent that the AP blocks LAN access as a
result.