Netgear WC7520 - ProSafe 20-AP Wireless Controller Manual De Referência
Configuring Network Access and Security
118
ProSafe 20-AP Wireless Controller WC7520
Guidelines for External MAC Authentication
To use an external ACL:
1.
Configure an ACL on an external RADIUS server.
2.
On an Edit Profile screen (see
),
next to MAC ACL, select the External radio button.
3.
From the External Radius Server drop-down list, select an external authentication server.
The wireless controller consults the MAC ACL at initial client authentication. While a client
roams, the wireless controller uses cached authentication information. After a client has
disassociated from the access point and then attempts to reassociate again, the wireless
controller once again consults the MAC ACL.
roams, the wireless controller uses cached authentication information. After a client has
disassociated from the access point and then attempts to reassociate again, the wireless
controller once again consults the MAC ACL.
Note the following external RADIUS server guidelines:
•
For each MAC authentication client, you need to configure a policy on the RADIUS
server.
•
During MAC authentication, the wireless controller sends the following information to the
RADIUS server:
-
MAC address in the format xx:xx:xx:xx:xx:xx
-
user name
-
calling station ID
•
The wireless controller uses CHAP as the authentication protocol with the RADIUS
server.
•
You can configure either MAC authentication with an external RADIUS server or network
authentication with an external RADIUS server (see
on page 81), but not both. That is, if you configure an external
RADIUS server with WPA, WPA2, or WPA & WPA2, you cannot use external MAC
authentication but are limited to internal MAC authentication.
authentication but are limited to internal MAC authentication.
Configure Basic Local MAC Authentication Settings
You would typically use the basic MAC authentication group in the profiles of a basic profile
group of a small-scale network. However, you can assign the basic MAC authentication
group to any profile, whether in the basic profile group or in an advanced profile group.
group of a small-scale network. However, you can assign the basic MAC authentication
group to any profile, whether in the basic profile group or in an advanced profile group.
To set up basic MAC authentication:
1.
Select Configuration > Security > Basic > MAC ACL. The basic MAC Authentication
screen displays:
screen displays: