Справочник Пользователя для Interepoch Technology Inc. IWE1100
15
!
802.1x EAP-TLS; no encryption. The IEEE 802.1x functionality is enabled and the digital
certificate-based EAP-TLS user authentication. No data encryption is used.
certificate-based EAP-TLS user authentication. No data encryption is used.
!
802.1x EAP-TLS + 64-bit key. The IEEE 802.1x functionality is enabled and the digital cer-
tificate-based EAP-TLS (Transport Layer Security) user authentication and data encryption is
used. Session keys are 64-bit.
tificate-based EAP-TLS (Transport Layer Security) user authentication and data encryption is
used. Session keys are 64-bit.
!
802.1x EAP-TLS + 128-bit key. The IEEE 802.1x functionality is enabled and the digital
certificate-based EAP-TLS user authentication and data encryption is used. Session keys are
128-bit.
certificate-based EAP-TLS user authentication and data encryption is used. Session keys are
128-bit.
See Section 3.4.3 for more information about IEEE 802.1x.
With MAC-Address-Based Access Control, you can specify the wireless client computers that are
permitted or not permitted to connect to the AP. When the table type is set to inclusive, entries in the
table are permitted to connect to the AP. When the table type is set to exclusive, entries in the table
are not permitted to connect to the AP.
permitted or not permitted to connect to the AP. When the table type is set to inclusive, entries in the
table are permitted to connect to the AP. When the table type is set to exclusive, entries in the table
are not permitted to connect to the AP.
To deny wireless clients’ access to the wireless network:
1.
Set the Access control type to exclusive.
2.
Specify the MAC address of a wireless client to be denied access.
3.
Select the corresponding Enabled check box.
4.
Repeat Steps 1 to 3 for other wireless clients.
To grant wireless clients’ access to the wireless network:
1.
Set the Access control type to inclusive.
2.
Specify the MAC address of a wireless client to be granted access.
3.
Select the corresponding Enabled check box.
4.
Repeat Steps 1 to 3 for other wireless clients.
3.4.3. IEEE 802.1x/RADIUS (Advanced Model)
IEEE 802.1x Port-Based Network Access Control is a new standard for solving some security issues
associated with IEEE 802.11, such as lack of user-based authentication and dynamic encryption key
distribution. With IEEE 802.1x and the help of a RADIUS (Remote Authentication Dial-In User
Service) server and a user account database, an enterprise or ISP (Internet Service Provider) can man-
age its mobile users' access to its wireless LANs. Before granted access to a wireless LAN supporting
IEEE 802.1x, a user has to issue his or her user name and password or digital certificate to the back-
end RADIUS server by EAPOL (Extensible Authentication Protocol Over LAN). The RADIUS
server can record accounting information such as when a user logs on to the wireless LAN and logs
off from the wireless LAN for monitoring or billing purposes.
associated with IEEE 802.11, such as lack of user-based authentication and dynamic encryption key
distribution. With IEEE 802.1x and the help of a RADIUS (Remote Authentication Dial-In User
Service) server and a user account database, an enterprise or ISP (Internet Service Provider) can man-
age its mobile users' access to its wireless LANs. Before granted access to a wireless LAN supporting
IEEE 802.1x, a user has to issue his or her user name and password or digital certificate to the back-
end RADIUS server by EAPOL (Extensible Authentication Protocol Over LAN). The RADIUS
server can record accounting information such as when a user logs on to the wireless LAN and logs
off from the wireless LAN for monitoring or billing purposes.
The IEEE 802.1x functionality of the advanced wireless access point is controlled by the security
mode (see Section 3.4.2). So far, the wireless access point supports two authentication mechanisms—
EAP-MD5 (Message Digest version 5) and EAP-TLS (Transport Layer Security). If EAP-MD5 is
used, the user has to give his or her user name and password for authentication. If EAP-TLS is used,
the wireless client computer automatically gives the user’s digital certificate that is stored in the com-
mode (see Section 3.4.2). So far, the wireless access point supports two authentication mechanisms—
EAP-MD5 (Message Digest version 5) and EAP-TLS (Transport Layer Security). If EAP-MD5 is
used, the user has to give his or her user name and password for authentication. If EAP-TLS is used,
the wireless client computer automatically gives the user’s digital certificate that is stored in the com-