The reauthentication provides users with a new encryption key. (Optional) Enter the number of seconds after which access points should reauthenticate members of the group. If the SSID does not match, the client is disassociated. The access point checks that the SSID that the client used to associate matches one of the SSIDs in the list.
(Optional) Enter up to 20 SSIDs to limit members of the user group to those SSIDs. You can assign only one VLAN to the group. The access point moves group members into that VLAN, overriding other VLAN assignments. (Optional) Specify a VLAN to be used by members of the user group. (Optional) Enter user group configuration mode and configure a user group to which you can assign shared settings. Repeat this step to add each access point that uses the local authenticator. If you use spaces in your key, do not enclose the key in quotation marks unless the quotation marks are part of the key.
Note Leading spaces in the key string are ignored, but spaces within and at the end of the key are used. If your local authenticator also serves client devices, you must enter the local authenticator access point as a NAS. You must enter this shared key on the access points that use the local authenticator. Enter the access point's IP address and the shared key used to authenticate communication between the local authenticator and other access points.
ACCESSING CISCO ROUTER FOR MAC CLIENT HOW TO
This example shows how to set up a local authenticator used by three access points with three user groups and several users:Įnable the access point as a local authenticator and enter configuration mode for the authenticator.Īdd an access point to the list of units that use the local authenticator. The access points periodically check the link to the main servers and stop using the local authenticator automatically when the link to the main servers is restored.Ĭaution The access point you use as an authenticator contains detailed authentication information for your wireless LAN, so you should secure it physically to protect its configuration. You configure your access points to use the local authenticator when they cannot reach the main servers (or as the main authenticator if you do not have a RADIUS server). However, if your wireless LAN contains only one access point, you can configure the access point as both the 802.1X authenticator and the local authenticator. Note Users associated to the local authenticator access point might notice a drop in performance when the access point authenticates client devices. You can configure up to 50 users on the local authenticator. You can also specify a VLAN and a list of SSIDs that a client is allowed to use. You configure the local authenticator access point manually with client usernames and passwords because it does not synchronize its database with the main RADIUS servers. The access point can authenticate LEAP-enabled wireless client devices and allow them to join your network. To provide local authentication service or backup authentication service in case of a WAN link or a server failure, you can configure an access point to act as a local RADIUS server. If the WAN link fails, or if the access points cannot access the RADIUS servers for any reason, client devices cannot access the wireless network even if the work they wish to do is entirely local. On many wireless LANs that use 802.1x authentication, access points rely on RADIUS servers housed in a distant location to authenticate client devices, and the authentication traffic must cross a WAN link.
Many small wireless LANs that could be made more secure with 802.1x authentication do not have access to a RADIUS server. Note: It is also possible to configure MAC with an Extensible Authentication Protocol (EAP) method. The AP can authenticate a maximum of 50 clients,If you want to store more than 50 MAC addresses, then use a RADIUS server. The maximum number of MAC addresses of clients that Cisco Access Point supports Resolution
0 kommentar(er)
