Supported Authentication Methods

Supported Authentication Methods

Authentication is a process of identifying a user through a valid username and password. Clients can also be authenticated based on their MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. addresses.

The authentication methods supported by the APs managed through Classic Central are described in the following sections:

802.1X Authentication

802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. is a method for authenticating the identity of a user before providing network access to the user. The Classic Central network supports internal RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server and external RADIUS server for 802.1X authentication. For authentication purpose, the wireless client can associate to a NAS Network Access Server. NAS provides network access to users, such as a wireless AP, network switch, or dial-in terminal server. or RADIUS client such as a wireless AP. The wireless client can pass data traffic only after successful 802.1X authentication.

The NAS acts as a gateway to guard access to a protected resource. A client connecting to the wireless network first connects to the NAS.

Configuring 802.1X Authentication for a Network Profile

To configure 802.1X authentication for a wireless network profile, complete the following steps:

  1. In the WebUI, set the filter to a group that contains at least one AP.
    The dashboard context for the group is displayed.
  2. Under Manage, click Devices > Access Points.
    A list of access points is displayed in the List view.
  3. Click the Config icon.
    The tabs to configure the access points are displayed.
  4. Click the WLANs tab.
    The WLANs Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. details page is displayed.
  5. In the Wireless SSIDs table, select a network profile for which you want to enable 802.1X authentication, and then click the edit icon.

    You can directly edit the SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. name under the Display Name column in the Wireless SSIDs table. Double-click the relevant SSID that you want to rename, and type the new name. Press Enter to complete the process.

  6. Under Security, for the Enterprise security level, select the preferred option from Key Management.
  7. Specify the type of authentication server to use.
  8. Click Save Settings.

MAC Authentication

MAC authentication is used for authenticating devices based on their physical MAC addresses. MAC authentication requires that the MAC address of a machine matches a manually defined list of addresses. This authentication method is not recommended for scalable networks and the networks that require stringent security settings.

MAC authentication can be used alone or it can be combined with other forms of authentication such as WEP Wired Equivalent Privacy. WEP is a security protocol that is specified in 802.11b and is designed to provide a WLAN with a level of security and privacy comparable to what is usually expected of a wired LAN. authentication.

Configuring MAC Authentication for a Network Profile

To configure MAC authentication for a wireless profile, complete the following steps:

  1. In the WebUI, set the filter to a group that contains at least one AP.
    The dashboard context for the group is displayed.
  2. Under Manage, click Devices > Access Points.
    A list of access points is displayed in the List view.
  3. Click the Config icon.
    The tabs to configure the access points are displayed.
  4. Click the WLANs tab.
    The WLANs details page is displayed.
  5. In the WLANs tab, select a network profile for which you want to enable MAC authentication and click the edit icon.
  6. In Security, turn on the MAC Authentication toggle switch to enable Personal or Open security level.
  7. Specify the type of authentication server to use.
  8. Click Save Settings.

Captive Portal Authentication

Captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. authentication is used for authenticating guest users. For more information, see Configuring Wireless Networks for Guest Users on APs.

802.1X Authentication with Captive Portal Authentication

This authentication method allows you to configure different captive portal settings for clients on the same SSID. For example, you can configure an 802.1X SSID and create a role for captive portal access, so that some of the clients using the SSID derive the captive portal role. You can configure rules to indicate access to external or internal Captive portal, or none.

For more information on configuring captive portal roles for an SSID with 802.1X authentication, see Configuring Wireless Networks for Guest Users on APs.