44 Working with wireless communities and authentication
Broadcast key refresh rate
Enter the interval at which the broadcast (group) key is refreshed for clients associated with this
wireless community (the default is 300).
The valid range is 0 to 86400 seconds. Specify a value of 0 to disable the refreshing of
broadcast keys.
Session key refresh rate
Enter the interval at which the AP will refresh session (unicast) keys for each client associated with
the wireless community.
To enable session key refreshing, specify a value in the range of 30 to 86400 seconds. Specify
a value of 0 to disable session key refresh.
MAC authentication
You can control access to the wireless network based on the MAC address of a user’s wireless
device. You can either block access or allow access, depending on your requirements.
For each wireless community, you can select whether to disable MAC authentication, use a
MAC authentication list stored locally on the M210, or use a list stored on a RADIUS server (see
Wireless community configuration options on page 36).
Caution: MAC authentication is vulnerable to MAC address spoofing, where users in the network who
are not granted access to the M210 gain access by changing their MAC addresses to an
authorized user’s address. For better security, administrators should consider using an
additional authentication method (WPA Personal, WPA Enterprise, 802.1X/Dynamic WEP, or
Static WEP). MAC authentication occurs after other authentication methods are applied.
RADIUS server-based MAC authentication
When RADIUS server-based MAC authentication is enabled on a wireless community, a
wireless client MAC address is compared to the configured list upon authentication. The
globally configured allow or deny action is applied when a MAC address matches an entry in
the list. When a client MAC address is not found in the list, the opposite allow or deny action is
applied.
The following attributes must be configured on the RADIUS server:
• User-Name (1): Ethernet MAC address of the client.
• User-Password (2): A fixed password used to look up a client MAC entry. The M210
uses the password “NOPASSWORD”.
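The lookup described above, as an added Python example that is not part of the original guide or HP's code: it builds an Access-Request carrying only the two listed attributes, hides the fixed password as RFC 2865 section 5.2 specifies, and applies the allow/deny rule. The function names, the MAC notation used in User-Name, and the idea that separators and case are ignored when matching are assumptions; the request carries no per-client secret, which is the reason for the Caution above.

```python
import hashlib, os, struct

FIXED_PASSWORD = b"NOPASSWORD"  # fixed User-Password value stated on the page

def keystream_xor(data, secret, authenticator, decrypt):
    """RFC 2865 sec. 5.2 hiding: XOR 16-byte blocks with MD5(secret + previous)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        xored = bytes(b ^ k for b, k in zip(block, key))
        prev = block if decrypt else xored  # always chain on the ciphertext block
        out += xored
    return out

def build_access_request(mac, secret, ident=1):
    """Access-Request (code 1) carrying only User-Name (1) and User-Password (2)."""
    authenticator = os.urandom(16)
    padded = FIXED_PASSWORD + b"\x00" * (-len(FIXED_PASSWORD) % 16)
    hidden = keystream_xor(padded, secret, authenticator, decrypt=False)
    attrs = b""
    for atype, value in ((1, mac.encode()), (2, hidden)):
        attrs += struct.pack("!BB", atype, len(value) + 2) + value
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_attributes(packet):
    """Return {type: value} for the attributes that follow the 20-byte header."""
    (length,) = struct.unpack("!H", packet[2:4])
    attrs, pos = {}, 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs

def normalize_mac(mac):  # assumption: separators and case are ignored when matching
    return mac.lower().replace(":", "").replace("-", "").replace(".", "")

def mac_in_list(packet, secret, mac_list):
    """Server side: does the request match an entry (MAC plus fixed password)?"""
    attrs = parse_attributes(packet)
    password = keystream_xor(attrs[2], secret, packet[4:20], decrypt=True)
    known = normalize_mac(attrs[1].decode()) in {normalize_mac(m) for m in mac_list}
    return password.rstrip(b"\x00") == FIXED_PASSWORD and known

def access_decision(matched, list_action):
    """Matched entries get the configured action; all others get the opposite."""
    return list_action if matched else {"allow": "deny", "deny": "allow"}[list_action]
```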