User Guide
802.1X Authentication
7-65
7
802.1X Authentication
The access point supports IEEE 802.1X access control for wireless clients. This
control feature prevents unauthorized access to the network by requiring an 802.1X
client application to submit user credentials for authentication. Client authentication
is then verified by a RADIUS server using EAP (Extensible Authentication Protocol)
before the access point grants client access to the network. The 802.1X EAP
packets are also used to pass dynamic unicast session keys and static broadcast
keys to wireless clients.
802.1x
This command configures 802.1X as optionally supported or as required for wireless
clients. Use the no form to disable 802.1X support.
Syntax
802.1x <supported | required>
no 802.1x
• supported - Authenticates clients that initiate the 802.1X authentication
process. Uses standard 802.11 authentication for all others.
• required - Requires 802.1X authentication for all clients.
Default Setting
Disabled
Table 7-12. 802.1X Authentication
Command Function Mode Page
802.1x Configures 802.1X as disabled, supported, or required IC-W-VAP 7-66
802.1x broadcast-key-
refresh-rate
Sets the interval at which the primary broadcast keys are
refreshed for stations using 802.1X dynamic keying
IC-W-VAP 7-67
802.1x session-key-
refresh-rate
Sets the interval at which unicast session keys are
refreshed for associated stations using dynamic keying
IC-W-VAP 7-68
802.1x session-timeout Sets the timeout after which a connected client must be
re-authenticated
IC-W-VAP 7-68
802.1x-supplicant enable Enables the access point to operate as a 802.1X
supplicant
GC 7-69
802.1x-supplicant user Sets the supplicant user name and password for the
access point
GC 7-69
show authentication Shows all 802.1X authentication settings, as well as the
address filter table
Exec 7-69