Moxa Technologies MOXA AirWorks User Manual
MOXA AirWorks AWK-1100 User’s Manual
Web Console Configuration
3-19
Sample MAC ACL file
To download a MAC ACL file from a TFTP server:
1. Specify the IP address of the TFTP server in the TFTP server IP address text box.
2. Specify the name of the MAC ACL file on the TFTP server in the MAC ACL file name text
2. Specify the name of the MAC ACL file on the TFTP server in the MAC ACL file name text
box.
3. Click Download.
IEEE 802.1X/RADIUS (AP mode only)
IEEE 802.1X Port-Based Network Access Control is a new standard for solving some security
issues associated with IEEE 802.11, such as lack of user-based authentication and dynamic
encryption key distribution. With IEEE 802.1X and the help of a RADIUS (Remote
Authentication Dial-In User Service) server and a user account database, an enterprise or ISP
(Internet Service Provider) can manage its mobile users’ access to its wireless LANs. Before being
granted access to a wireless LAN supporting IEEE 802.1X, a user needs to issue his or her user
name and password or digital certificate to the backend RADIUS server by EAPOL (Extensible
Authentication Protocol Over LAN). The RADIUS server can record accounting information, such
as when a user logs on to the wireless LAN and logs off from the wireless LAN for monitoring or
billing purposes.
issues associated with IEEE 802.11, such as lack of user-based authentication and dynamic
encryption key distribution. With IEEE 802.1X and the help of a RADIUS (Remote
Authentication Dial-In User Service) server and a user account database, an enterprise or ISP
(Internet Service Provider) can manage its mobile users’ access to its wireless LANs. Before being
granted access to a wireless LAN supporting IEEE 802.1X, a user needs to issue his or her user
name and password or digital certificate to the backend RADIUS server by EAPOL (Extensible
Authentication Protocol Over LAN). The RADIUS server can record accounting information, such
as when a user logs on to the wireless LAN and logs off from the wireless LAN for monitoring or
billing purposes.
The IEEE 802.1X functionality of the access point is controlled by the security mode. So far, the
wireless access point supports two authentication mechanisms—EAP-MD5 (Message Digest
version 5), EAP-TLS (Transport Layer Security). If EAP-MD5 is used, the user must give his or
her user name and password for authentication. If EAP-TLS is used, the wireless client computer
automatically gives the user’s digital certificate that is stored in the computer hard disk or a smart
card for authentication. And after a successful EAP-TLS authentication, a session key is generated
automatically for encrypting wireless packets sent between the wireless client computer and the
associated wireless access point. In short, EAP-MD5 only supports user authentication, whereas
EAP-TLS supports both user authentication and dynamic encryption key distribution.
wireless access point supports two authentication mechanisms—EAP-MD5 (Message Digest
version 5), EAP-TLS (Transport Layer Security). If EAP-MD5 is used, the user must give his or
her user name and password for authentication. If EAP-TLS is used, the wireless client computer
automatically gives the user’s digital certificate that is stored in the computer hard disk or a smart
card for authentication. And after a successful EAP-TLS authentication, a session key is generated
automatically for encrypting wireless packets sent between the wireless client computer and the
associated wireless access point. In short, EAP-MD5 only supports user authentication, whereas
EAP-TLS supports both user authentication and dynamic encryption key distribution.