WESM zl Management and Configuration Guide WT.01.28 and greater

4-34

Wireless Local Area Networks (WLANs)

Configuring a WLAN

You configure authentication methods as part of each individual WLAN’s settings,

and, as far as that WLAN is concerned, they are mutually exclusive. For example, a

WLAN can require stations to authenticate using 802.1X or using Web-Auth, but not

both. However, one WLAN can require 802.1X and a different WLAN, Web-Auth.

The MAC authentication configured on a WLAN is MAC authentication to a

RADIUS server. That is, the module forwards stations’ MAC addresses to be checked

against accounts stored on a network server.

The Wireless Edge Services zl Module can also enforce de facto local MAC

authentication, using globally configured filters, or MAC standard access control lists

(ACLs), that are applied to the WLAN. You can combine these filters with another

type of authentication: first, the MAC ACLs filter association requests; then the

WLAN’s specific authentication method initiates. See “MAC Filters (Local MAC

Authentication)” on page 12-75 of Chapter 12: “Wireless Network Management” to

learn how to configure MAC standard ACLs.

802.1X EAP. 802.1X is the IEEE standard for wireless authentication. When a

station attempts to connect to a WLAN that uses this standard, the Wireless Edge

Services zl Module places the association in closed status, dropping all traffic except

EAP messages. The module forwards these messages to an authentication server

(RADIUS server), and the station and server verify each other’s identities. During

the authentication process, the station and module also receive dynamic keys for

encryption.

As an alternative to a network RADIUS server, you can use the Wireless Edge

Services zl Module’s internal RADIUS capabilities. See Chapter 11: “RADIUS

Server” for more information.