
Madge Networks 802.11b User Manual

The IEEE 802.1x functionality of the advanced AP is controlled by the security mode (see Section 3.4.2).
The advanced AP supports two authentication mechanisms: EAP-MD5 (Message Digest version 5) and
EAP-TLS (Transport Layer Security). With EAP-MD5, the user must supply a user name and password
for authentication. With EAP-TLS, the wireless client computer automatically presents the user’s
digital certificate, stored on the computer’s hard disk or on a smart card, for authentication.
After a successful EAP-TLS authentication, a session key is automatically generated to encrypt
wireless packets between the wireless client computer and its associated advanced wireless access point.
In summary, EAP-MD5 supports user authentication only, while EAP-TLS supports both user authentication
and dynamic encryption key distribution.

Fig. 17. IEEE 802.1x and RADIUS.

An advanced AP supporting IEEE 802.1x can be configured to communicate with two RADIUS servers.
When the primary RADIUS server fails to respond, the advanced wireless access point tries to
communicate with the secondary RADIUS server. The user can specify the timeout length and the
number of retries attempted against the primary RADIUS server before the access point switches to
the secondary RADIUS server.

An IEEE 802.1x-capable advanced wireless access point and its RADIUS server(s) share a secret key so
that they can authenticate each other. In addition to its IP address, an advanced wireless access point can
identify itself by a NAS (Network Access Server) identifier. Each IEEE 802.1x-capable advanced
wireless access point must have a unique NAS identifier.
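The following added example (not part of the Madge manual or the AP firmware) shows how the shared secret and the NAS identifier appear on the wire under RFC 2865: the access point puts NAS-Identifier in its Access-Request, and it accepts a reply only if the Response Authenticator was computed with the shared secret. It covers only this server-to-AP check; the function names and all sample values are constructed for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2          # RADIUS packet codes (RFC 2865)
ATTR_USER_NAME, ATTR_NAS_IDENTIFIER = 1, 32   # RADIUS attribute types (RFC 2865)

def attr(attr_type, value):
    """Encode one attribute as type, length (including the 2-byte header), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(ident, user, nas_id):
    """AP side: Access-Request carrying a random 16-byte Request Authenticator."""
    req_auth = os.urandom(16)
    attrs = attr(ATTR_USER_NAME, user) + attr(ATTR_NAS_IDENTIFIER, nas_id)
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + req_auth + attrs, req_auth

def nas_identifier(packet):
    """Server side: return the NAS-Identifier value from a request, or None."""
    pos = 20
    while pos + 2 <= len(packet):
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2:                 # malformed attribute, stop parsing
            return None
        if a_type == ATTR_NAS_IDENTIFIER:
            return packet[pos + 2:pos + a_len]
        pos += a_len
    return None

def build_response(code, ident, req_auth, attrs, secret):
    """Server side: authenticator = MD5(Code|ID|Length|RequestAuth|Attributes|Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    digest = hashlib.md5(header + req_auth + attrs + secret).digest()
    return header + digest + attrs

def verify_response(packet, ident, req_auth, secret):
    """AP side: recompute the authenticator and compare in constant time."""
    if len(packet) < 20:
        return False
    _code, r_ident, length = struct.unpack("!BBH", packet[:4])
    if r_ident != ident or length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + req_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

if __name__ == "__main__":
    secret = b"constructed-shared-secret"   # constructed sample values throughout
    req, ra = build_access_request(7, b"alice", b"ap-lobby-01")
    resp = build_response(ACCESS_ACCEPT, 7, ra, b"", secret)
    print(nas_identifier(req), verify_response(resp, 7, ra, secret))
```

A reply built with a different secret, or altered in transit, fails `verify_response`, which is why the secret configured on the access point must match the one configured on each RADIUS server.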

Fig. 18. IEEE 802.1x/RADIUS settings.

100-408-01

Copyright © 2002 Madge Networks. All rights reserved.
