Wireless Network Discovery – What is Null Authentication in WLAN and Why is it Required?

Since you've clarified (comments above) that IP net/mask/gw are the same for wired/wireless clients, then your AP is bridging (as opposed to routing or NAT'ing the wireless clients.)

1. Verify the wireless systems are getting DNS servers via DHCP. If "cannot access Internet" means "web sites do not load", this may be all that is wrong.

2. Verify your Internet edge router, (and/or firewall,) isn't blocking the traffic. You might have everything configured correctly from the network and IP point of view, and then not realize that the edge router has special rules to only permit certain of your internal LAN IP addresses out. (For example, your DHCP server could be configured to give specific IPs to certain DHCP clients (the boss's desktop), while servicing the rest of the clients (eg, printers) from a pool of numbers which aren't generally permitted out to the Internet.

802.1X does perform either a computer or a user authentication to allow the network access.

NAC is a generic term designing any form of Network Access Control. Then 802.1X is one kind of NAC. I consider 802.1X to be the standard of NAC.

Beware here of the abbreviation collision around NAC which stands for Network Access Control and Network Admission Control.

Network Admission Control (origin Cisco) and Network Access Protection (origin Microsoft) are also two commercial NAC (Network Access Control) going further than the standard 802.1X. They verify that the connecting operating system is in a correct state (through the checksum of some components), and that the endpoint anti-virus is on and up to date.

NAC (Network Admission Control), the Cisco version is more network aware and less Windows addict. Unfortunatly this software solution stopped being supported by Cisco in 2011.

NAP (Network Access Protection), the Microsoft solution is more Windows aware and less network adapted.

From my own short experience, these 2 software solutions might be easily deceived as long as you get the control of the endpoint PC (Windows, MacOS X, Linux…). You can easily install an endpoint yes-agent replacing the editor one.

Then I advise to stick to the 802... standards, which have their limitations and defaults, but with no hidden features which advantage the attackers.