HP ProCurve Wireless Access Point 420 - Hewlett Packard
HP ProCurve Wireless Access Point 420 - Hewlett Packard
HP ProCurve Wireless Access Point 420 - Hewlett Packard
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Access</strong> <strong>Point</strong> Configuration<br />
Configuring <strong>Wireless</strong> Security<br />
Web: Configuring MAC Address Authentication<br />
The access point can be configured to authenticate client MAC addresses<br />
against a database stored locally on the access point or remotely on a RADIUS<br />
server. Client MAC addresses in the local database can be specified as allowed<br />
or denied access the network. This enables the access point to control which<br />
devices can associate with the access point.<br />
Not e If a RADIUS authentication server is used for MAC authentication, the server<br />
must first be configured in the RADIUS window.<br />
Client station MAC authentication occurs prior to any IEEE 802.1x authentication<br />
configured for the access point. However, a client’s MAC address<br />
provides relatively weak user authentication, since MAC addresses can be<br />
easily captured and used by another station to break into the network. Using<br />
802.1x provides more robust user authentication using user names and passwords<br />
or digital certificates. So, although you can configure the access point<br />
to use MAC address and 802.1x authentication together, it is better to choose<br />
one or the other, as appropriate. Consider the following guidelines:<br />
■ Use MAC address authentication for a small network with a limited<br />
number of users. MAC addresses can be manually configured on the<br />
access point itself without the need to set up a RADIUS server. The access<br />
point supports up to 1024 MAC addresses in its filtering table, but<br />
managing a large number of MAC addresses across more than one access<br />
point quickly becomes very cumbersome.<br />
■ Use IEEE 802.1x authentication for networks with a larger number of<br />
users and where security is the most important issue. A RADIUS server is<br />
required in the wired network to control the user credentials (digital<br />
certificates, smart cards, passwords, or other) of wireless clients. The<br />
802.1x authentication approach provides a standards-based, flexible, and<br />
scalable solution that can be centrally managed. However, implementing<br />
802.1x requires more resources and skills to operate and maintain a<br />
RADIUS server and manage a large database of user credentials.<br />
The Authentication window on the Security tab enables the access point to be<br />
configured to use MAC address authentication.<br />
The web interface enables you to modify these parameters:<br />
■ MAC Authentication: The type of authentication method the system<br />
employs when authenticating a wireless client’s MAC address.<br />
5-53