Manualshelf

User's Manual Part 2

ManualsBrandsRiverbed Technology ManualsElectronicsXS-3900 Wireless LAN Array
121122123124125126127128129130
Wireless LAN Array
226 Appendix C: Technical Support
z RADIUS 802.1x with EAP
802.1x uses a RADIUS server to authenticate large numbers of
clients, and can handle different EAP (Extensible Authentication
Protocol) authentication methods, including EAP-TLS, EAP-
TTLS and EAP-PEAP. The RADIUS server can be internal
(provided by the XS-3900) or external. An external RADIUS
server offers more functionality and is recommended for large
Enterprise deployments.
When using this method, user names and passwords must be
entered into the RADIUS server for user authentication.
z MAC Address ACLs (Access Control Lists)
MAC address ACLs provide a list of client adapter MAC
addresses that are allowed or denied access to the wireless
network. Access Control Lists work well when there are a limited
number of users—in this case, enter the MAC addresses of each
user in the Allow list. In the event of a lost or stolen MAC
adapter, enter the affected MAC address in the Deny list.
Q. Why do I need to authenticate my XS-3900 units?
A. When deploying multiple Arrays, you may need to define which units
are part of which wireless network (for example, if you are establishing
more than one network). In this case, you need to employ the Xirrus
Wireless Management System (XM-3300) which can authenticate your
Arrays automatically and ensure that only authorized units are
associated with the defined wireless network.
Q. What is rogue AP (Access Point) detection?
A. The Xirrus Array has a dedicated radio (abg/4) which constantly scans
the local wireless environment for rogue APs (non-Xirrus devices that are
not part of your wireless network), unencrypted transmissions, and other
security issues. Administrators can then classify each rogue AP and
ensure that these devices do not interrupt or interfere with the network.