Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual User Manual

332

Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

Chapter 10

Configure an Access Point as a Local Authenticator

The reauthentication provides users with a new encryption key. The
default setting is 0, that means that group members are never required to
reauthenticate.

reauthentication time seconds

9. (Optional) To help protect against password guessing attacks, you can lock

out members of a user group for a length of time after a set number of
incorrect passwords.
• count—The number of failed passwords that triggers a lockout of the

username.

• time—The number of seconds the lockout can last. If you enter

infinite

, an administrator must manually unblock the locked

username.

See the

Unblocking Locked Usernames on page 339

for instructions on

unblocking client devices.

block count count

time { seconds | infinite }

10. Exit group configuration mode and return to authenticator configuration

mode.

exit

11. Enter the LEAP and EAP-FAST users allowed to authenticate by using the

local authenticator.

You must enter a username and password for each user. If you only know
the NT value of the password, where you can often find in the
authentication server database, you can enter the NT hash as a string of
hexadecimal digits.

To add a client device for MAC-based authentication, enter the client’s
MAC address as both the username and password. Enter 12 hexadecimal
digits without a dot or dash between the numbers as the username and the
password. For example, for the MAC address 0009.5125.d02b, enter
00095125d02b as both the username and the password.

To limit only the user to MAC authentication, enter

mac-auth-only

.

To add the user to a user group, enter the group name. If you don’t specify a
group, the user is not assigned to a specific VLAN and is never forced to
reauthenticate.

user username

{ password | nthash } password

[ group group-name ]

[mac-auth-only]