Apple AirPort Networks User Manual
Page 48
48
Chapter 3
AirPort Network Designs
 If you choose RADIUS, enter the type of RADIUS service, the RADIUS IP addresses,
shared secret, and primary port for the primary RADIUS server. Enter the information
for the secondary RADIUS server if there is one. Check with the server administrator
if you don’t have that information.
Important:
AirPort access control prevents computers that aren’t on the access control
list from accessing the AirPort network. For information on how to prevent
unauthorized computers from joining the AirPort network, see “Setting Up the
AirPort Extreme Network” on page 17.
You can also add the MAC address of a third-party 802.11 wireless networking card to
the access control list. Most third-party cards have the MAC address on a label attached
to the metal case of the card.
Access control is not compatible with WPA or WPA2 Enterprise mode. You can use
either access control or WPA Enterprise in a network, but you can’t use both.
Using a RADIUS Server
Using a RADIUS server on your network lets you authenticate MAC addresses
(AirPort IDs) on a separate computer, so that each device on the network doesn’t
need to store the MAC addresses of computers that have access to the network.
Instead, all the addresses are stored on a server that is accessed through a specific
IP address.
To set up authentication using a RADIUS server:
1
On the server, enter the MAC addresses of the computers that will access the network.
2
When the RADIUS server is set up, open AirPort Utility, select your wireless device, and
then choose Base Station > Manual Setup, or double-click the device icon to open its
configuration in a separate window. Enter the password if necessary.
3
Click AirPort, click Access, and then choose RADIUS from the MAC Address Access
Control pop-up menu.
4
Choose a format from the RADIUS pop-up menu.
If you choose Default, your wireless device formats the MAC addresses as 010203-
0a0b0c, and they are used as the user names on the RADIUS server. The shared secret is
the password for users joining the network. This format is often used for Lucent and
Agere servers.
If you choose Alternate, MAC addresses are formatted as 0102030a0b0c and are used
for both the user name and password by users joining the network. This format is often
used for Cisco servers.