beautypg.com

H3C Technologies H3C WX6000 Series Access Controllers User Manual

Page 261


The 4-way handshake key negotiation exchanges four 802.1X key packets to negotiate the private keys of the wireless link between the wireless client and the AP, with the preshared key used as the seed key for the negotiation. During the negotiation, both parties use the seed key for verification. The key negotiation succeeds only when both sides are configured with the same key, in which case the wireless client passes PSK access authentication. Otherwise, the wireless client fails PSK access authentication and its link is torn down.
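The verification step described above, as an added example that is not taken from the H3C manual: both sides derive keys from their configured passphrase, and the AP side accepts message 2 only if the client's MIC matches its own. It assumes the WPA2-PSK derivation from IEEE 802.11i (PBKDF2-HMAC-SHA1, HMAC-SHA1 PRF and MIC); the SSID, MAC addresses, passphrases and frame body are constructed.

```python
import hashlib
import hmac
import os

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # 802.11i passphrase-to-PMK mapping: PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    # 802.11i PRF: HMAC-SHA1 over label || 0x00 || data || counter, concatenated.
    out, counter = b"", 0
    while len(out) < length:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:length]

def derive_kck(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # The PTK binds both MAC addresses and both nonces; its first 16 bytes are the KCK.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)[:16]

def mic(kck: bytes, frame: bytes) -> bytes:
    # WPA2 key-packet MIC: HMAC-SHA1 keyed with the KCK, truncated to 16 bytes.
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

def handshake_succeeds(ap_pass: str, client_pass: str, ssid: str = "example-ssid") -> bool:
    # Constructed inputs: locally administered MACs, random nonces, simplified frame body.
    ap_mac = bytes.fromhex("020000000001")
    sta_mac = bytes.fromhex("020000000002")
    anonce, snonce = os.urandom(32), os.urandom(32)  # sent in messages 1 and 2
    frame = b"constructed key packet 2 body" + snonce
    # Client side: keys come from the client's passphrase; message 2 carries the MIC.
    client_pmk = pmk_from_passphrase(client_pass, ssid)
    sent_mic = mic(derive_kck(client_pmk, ap_mac, sta_mac, anonce, snonce), frame)
    # AP side: recompute the MIC from the configured passphrase and compare.
    ap_pmk = pmk_from_passphrase(ap_pass, ssid)
    expected = mic(derive_kck(ap_pmk, ap_mac, sta_mac, anonce, snonce), frame)
    return hmac.compare_digest(sent_mic, expected)

if __name__ == "__main__":
    print(handshake_succeeds("constructed-passphrase", "constructed-passphrase"))
    print(handshake_succeeds("constructed-passphrase", "different-passphrase"))
```

The preshared key itself never crosses the air in this exchange; only the nonces and the MIC do, which is why a mismatch shows up as a failed MIC check on message 2.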

2) 802.1X authentication

As a port-based access control protocol, 802.1X authenticates and controls accessing devices at the port level. A device connected to an 802.1X-enabled port of a WLAN access control device can access the resources on the WLAN only after passing authentication.

3) MAC authentication

MAC authentication authenticates users based on ports and MAC addresses. The user does not need to install any client software. When the device first detects the MAC address of a user, it starts authentication for that user. During the authentication process, the user does not need to enter a username or password manually. In WLAN applications, MAC authentication requires the MAC addresses of the clients to be known in advance. Therefore, MAC authentication is applicable to small-scale networks with relatively fixed users, for example, SOHO and small offices.

MAC authentication falls into two modes:

Local MAC authentication: To use this authentication mode, you need to configure local usernames and passwords on the device. Usually, the MAC address is used as the username, so you need to know the MAC addresses of the wireless access clients in advance and configure them as usernames. When clients access the wireless network, only the clients whose MAC addresses exist on the device can pass the authentication.

Figure 31-7 Local MAC authentication

[Figure: network diagram with an AC, an L2 switch, an AP and three clients. Permitted MAC address list: 0009-5bcf-cce3, 0011-9548-4007, 000f-e200-00a2. Clients: 0009-5bcf-cce3, 0011-9548-4007, 001a-9228-2d3e.]