WESM zl Management and Configuration Guide WT.01.XX and greater
4-34
Wireless Local Area Networks (WLANs)
Configuring a WLAN
The Wireless Edge Services zl Module supports three types of authentication:
■ 802.1X Extensible Authentication Protocol (EAP)
■ Web authentication (Web-Auth)
■ Media Access Control (MAC) authentication
You configure authentication methods as part of each individual WLAN’s
settings, and, as far as that WLAN is concerned, they are mutually exclusive.
For example, a WLAN can require stations to authenticate using 802.1X or
using Web-Auth, but not both. However, one WLAN can require 802.1X and a
different WLAN, Web-Auth.
The MAC authentication configured on a WLAN is MAC authentication to a
RADIUS server. That is, the module forwards stations’ MAC addresses to be
checked against accounts stored on a network server.
The Wireless Edge Services zl Module can also enforce de facto local MAC
authentication, using globally configured filters, or MAC standard access
control lists (ACLs), that are applied to the WLAN. You can combine these
filters with another type of authentication: first, the MAC ACLs filter associa-
tion requests; then the WLAN’s specific authentication method initiates. See
“MAC Filters (Local MAC Authentication)” on page 12-75 of Chapter 12: “Wire-
less Network Management” to learn how to configure MAC standard ACLs.
802.1X EAP. 802.1X is the IEEE standard for wireless authentication. When
a station attempts to connect to a WLAN that uses this standard, the Wireless
Edge Services zl Module places the association in closed status, dropping all
traffic except EAP messages. The module forwards these messages to an
authentication server (RADIUS server), and the station and server verify each
other’s identities. During the authentication process, the station and module
also receive dynamic keys for encryption.
As an alternative to a network RADIUS server, you can use the Wireless Edge
Services zl Module’s internal RADIUS capabilities. See Chapter 11: “RADIUS
Server” for more information.