3Com Corporation WL306 Manuel D’Utilisation
20
C
HAPTER
3: A
CCESS
P
OINT
S
ECURITY
If authentication fails, the access point will continue to block traffic from that
client. The user may also manually log off and stop the agent, which suspends the
authentication process until the client manually logs on again or intentionally
re-associates with an access point. When a computer is logged off manually, the
access point blocks traffic from the client until the client logs on again.
client. The user may also manually log off and stop the agent, which suspends the
authentication process until the client manually logs on again or intentionally
re-associates with an access point. When a computer is logged off manually, the
access point blocks traffic from the client until the client logs on again.
Note that your authentication status icon may not necessarily reflect your
connection status. The status icon cannot be updated if the authenticating access
point cannot communicate with your computer. For example, you may have left
the coverage area of a subnet maintained by the access point in your network. If
you have roamed to the coverage area of another type of access point, the status
icon will continue to reflect the status it displayed when it was last in contact with
the authenticating access point. If you are unsure of your authentication status:
connection status. The status icon cannot be updated if the authenticating access
point cannot communicate with your computer. For example, you may have left
the coverage area of a subnet maintained by the access point in your network. If
you have roamed to the coverage area of another type of access point, the status
icon will continue to reflect the status it displayed when it was last in contact with
the authenticating access point. If you are unsure of your authentication status:
■
Log off and log on again.
■
Check the adapter status to see if it is still associating with an access point.
802.1x Client Properties
Use the Properties window to configure the agent for the type of authentication
the client should use.
the client should use.
Enable network access control using IEEE 802.1X. This box must be checked if
you are using authentication with your RADIUS server. If this box is unchecked, the
remainder of the window is grayed out.
you are using authentication with your RADIUS server. If this box is unchecked, the
remainder of the window is grayed out.
Network Adapter. Use this field to identify the network adapter to use for
connections requiring authentication. The list box lists all the network adapters
found in the computer. The highest level of security, 3Com’s Serial Authentication,
is available when the 3Com Wireless LAN PC card is installed and selected.
connections requiring authentication. The list box lists all the network adapters
found in the computer. The highest level of security, 3Com’s Serial Authentication,
is available when the 3Com Wireless LAN PC card is installed and selected.
Authentication Method. This field lets you specify the authentication method
used for this connection. The wireless authentication agent supports two types of
authentication:
used for this connection. The wireless authentication agent supports two types of
authentication:
■
EAP-MD5
■
Serial Authentication
The client and the access point must have the same authentication settings. If you
switch from serial authentication to EAP-MD5, or from EAP-MD5 to serial
authentication, clients will have to re-associate to the access point. When using
serial authentication with a 3Com Wireless LAN PC card, you should configure the
card to use “no security.” This is because the 802.1x agent configures the security
on the card.
switch from serial authentication to EAP-MD5, or from EAP-MD5 to serial
authentication, clients will have to re-associate to the access point. When using
serial authentication with a 3Com Wireless LAN PC card, you should configure the
card to use “no security.” This is because the 802.1x agent configures the security
on the card.
Serial Authentication Advanced Configuration. This window lets you
configure how the 802.1x agent handles certificates received from the EAP-TLS
server. The first option enables verification of authentication server certificates.
When this option is disabled, the 802.1x agent will not validate authentication
server certificates. Disabling this verification results in one-way authentication of
the client to the server, instead of the normal mutual authentication that takes
place in EAP-TLS.
configure how the 802.1x agent handles certificates received from the EAP-TLS
server. The first option enables verification of authentication server certificates.
When this option is disabled, the 802.1x agent will not validate authentication
server certificates. Disabling this verification results in one-way authentication of
the client to the server, instead of the normal mutual authentication that takes
place in EAP-TLS.
Two settings affect the way the 802.1x agent verifies the authentication sever
certificate. The first option allows you to import a certificate for a trusted server.
The second option causes the 802.1x agent to prompt for user validation
certificate. The first option allows you to import a certificate for a trusted server.
The second option causes the 802.1x agent to prompt for user validation