WFS709TP ProSafe Smart Wireless Switch Software Administration Manual
Overview of the WFS709TP 1-15
v1.0, June 2007
beyond the authentication process; to ensure privacy of user data, some form of link-layer
encryption (such as WEP or WPA-PSK) should be used when sensitive data will be sent over the
wireless network.

MAC Address Authentication

MAC address authentication is the process of examining the media access control (MAC) address
of an associated device, comparing it to an internal or RADIUS database, and changing the user
role to an authenticated state. MAC address authentication is not a secure form of authentication,
as the MAC address of a network interface card (NIC) can be changed in software. MAC address
authentication is useful for devices that cannot support a more secure form of authentication, such
as barcode scanners, voice handsets, or manufacturing instrumentation sensors.

User roles mapped to MAC address authentication should be linked to restrictive policies to permit
only the minimum required communication. Whenever possible, WEP encryption should also be
employed to prevent unauthorized devices from joining the network.
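
The lookup-then-restrict model described above, as an added Python sketch (not code from this manual or from the WFS709TP): a MAC is normalized, matched against an internal database, mapped to a role, and every flow is checked against that role's short permit list with default deny. The database entries, role names, addresses, ports and function names are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample data: an internal MAC database mapping devices to roles.
MAC_DB = {
    "00:1a:2b:3c:4d:5e": "barcode-scanner",
    "00:1a:2b:aa:bb:cc": "voice-handset",
}

# Constructed role policies: each role lists the only flows it may open.
# Anything not listed is denied (default deny).
ROLE_POLICIES = {
    "barcode-scanner": [("tcp", "10.20.0.10/32", 8443)],
    "voice-handset": [("udp", "10.30.0.0/24", 5060)],
}


def normalize_mac(raw):
    """Reduce colon, dash, dot or bare-hex notation to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[.:\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def authenticate(raw_mac):
    """Return the role for a known MAC, or None if the device stays unauthenticated."""
    try:
        return MAC_DB.get(normalize_mac(raw_mac))
    except ValueError:
        return None


def is_permitted(raw_mac, proto, dst_ip, dst_port):
    """Allow a flow only if the device's role explicitly lists it."""
    role = authenticate(raw_mac)
    if role is None:
        return False
    dst = ipaddress.ip_address(dst_ip)
    return any(
        proto == p and dst_port == port and dst in ipaddress.ip_network(net)
        for p, net, port in ROLE_POLICIES.get(role, [])
    )
```

Because the MAC is the only credential, any device presenting a listed address receives that role, so the permit list is what bounds the access a MAC-authenticated role can grant.
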

Client Mobility and AP Association

When a wireless client associates with an AP, it retains the association for as long as possible.
Generally, a wireless client only drops the association if the number of errors in data transmission
is too high or the signal strength is too weak.

When a wireless client roams from one AP to another, the WFS709TP can automatically maintain
the client’s authentication and state information. Clients do not need to reauthenticate or
reassociate; the client only changes the radio that it uses. A client roaming between APs that are
connected to the same WFS709TP maintains its original IP address and existing IP sessions.

You can also enable client mobility on all switches in a master WFS709TP’s hierarchy. This allows
clients to roam between APs that are connected to different switches without needing to
reauthenticate or obtain a new IP address. When a client associates with an AP, the client
information is sent to the master WFS709TP. The master WFS709TP pushes out the client
information to all local switches in its hierarchy. If the client roams to an AP connected to a
different switch, the new switch recognizes the client and tunnels the client traffic back to the
original switch.