Enterasys RBT-4102 Specifications download pdf (Page 120)

Security

4-84 Advanced Configuration

The802.1xEAPpacketsarealsousedtopassdynamicunicastsessionkeysandstatic

broadcastkeystowirelessclients.Sessionkeysareuniquetoeachclientandareusedto

encryptandcorrelatetrafficpassingbetweenaspecificclientandtheaccesspoint.Youcan

alsoenablebroadcastkeyrotation,

sotheaccesspointprovidesadynamicbroadcastkeyand

changesitataspecifiedinterval.

Youcanenable802.1xasoptionallysupportedorasrequiredtoenhancethesecurityofthe

wirelessnetwork.

– Disableindicatesthattheaccesspointdoesnotsupport802.1xauthenticati onforany

wirelessclient.After

successfulwirelessassociationwiththeaccesspoint,eachclientis

allowedtoaccessthenetwork.

– Supportedindicatesthattheaccesspointsupports802.1xauthenticationonlyforclients

initiatingthe802.1xauthenticationprocess(thatis,theaccesspointdoesnotinitiate

802.1xauthenticati on).Forclientsinitiating802.1x,onlythosesuccessfullyauthenticated

are

allowedtoaccessthenetwork.Forthoseclientsnotinitia ting802.1x,accesstothe

networkisallowedaftersuccessfulwirelessassociationwiththeaccesspoint.

– Requiredindicatesthattheaccesspointenforces802.1xauthenticationforallassociated

wirelessclients.If802.1xauthenticationisnotinitiatedbyaclient,theaccess

pointwill

initiateauthentication.Onlythoseclientssuccessfullyauthenticatedwith802.1xare

allowedtoaccessthenetwork.

Whenyouenable802.1x,youcanalsoenablethebroadcastandsessionkeyrotationintervals.

– BroadcastKeyRefreshRatesetstheintervalatwhichthebroadcastkeysarerefreshedfor

stationsusing802.1xdynamic

keying.(Range:0‐1440minutes;Default:0meansdisabled)

– SessionKeyRefreshRatespecifiestheintervalatwhichtheaccesspointrefreshesunicast

sessionkeysforassociatedclients.(Range:0‐1440minutes;Default:0meansdisabled)

– 802.1xSessionTimeoutsetsthetimeperiodafterwhichaconnectedclientmustbere

‐

authenticated.Duringthere‐authenticationprocessofverifyingtheclient’scredentialson

theRADIUSserver,theclientremainsconnectedtothenetwork.Onlyifre‐authentication

failsisnetworkaccessblocked.Default:60minutes.

• MACAuthenticationconfigureshowtheaccesspointusesMACaddressestoauthorize

wirelessclientstoaccess

thenetwork.Thisauthenticationmethodprovidesabasiclevelof

authenticationforwirelessclientsattemptingtogainaccesstothenetwork.A databaseof

authorizedMACaddressescanbestoredlocal ly ontheRBT‐4102orremotelyonacentral

RADIUSserver.(Default:LocalMAC)

– LocalMACindicatesthattheMAC

addressoftheassociatingstationiscomparedagainst

thelocaldatabasestoredontheaccesspoint.LocalMACAuthenticationenablesthelocal

databasetobesetup.

– RADIUSMACspecifiesthattheMA Caddressoftheassociatingstationissenttoa

configuredRADIUSserverforauthentication. 

Tousea

RADIUSauthenticationserverforMACaddressauthentication,theaccesspoint

mustbeconfiguredtouseaRADIUSserver,seeRADIUS(page4‐11).

– Disablespecifiesthattheaccesspointdoesnotcheckanassociatingstation’sMACaddress.

1 2 ... 115 116 117 118 119 120 121 122 123 124 125 ... 167 168

Comments to this Manuals

No comments

Enterasys RBT-4102 Specifications Page 120

Comments to this Manuals

Related products and manuals for Routers Enterasys RBT-4102