user manual

ManualsBrandsAllied Telesis ManualsNetwork CardNetwork Card AT-TQ2403

161

162

163

164

165

166

167

168

169

170

AT-TQ2403 Management Software User's Guide 165

Configuring WPA/WPA2 Enterprise (RADIUS) Security

on a Client

Wi-Fi Protected Access 2 (WPA2) with Remote Authentication Dial-In User Service (RADIUS) is an

implementation of the Wi-Fi Alliance IEEE 802.11i standard, which includes Advanced Encryption Standard

(AES), Counter mode/CBC-MAC Protocol (CCMP), and Temporal Key Integrity Protocol (TKIP) mechanisms.

This mode requires the use of a RADIUS server to authenticate users.

This security mode also provides backwards-compatibility for wireless clients that support only the

original WPA.

When you configure WPA/WPA2 Enterprise (RADIUS) security mode on the access point, you have a

choice of whether to use the Built-in Authentication Server or an external RADIUS server that you

provide.

The AT-TQ2403 Wireless Access Point Built-in Authentication Server supports Protected Extensible

Authentication Protocol (EAP) known as "EAP/PEAP" and Microsoft Challenge Handshake Authentication

Protocol Version 2 (MSCHAP V2), which provides authentication for point-to-point (PPP) connections

between a Windows-based computer and network devices such as access points.

So, if you configure the network (access point) to use security mode and choose the Built-in

Authentication server, you must configure client stations to use WPA/WPA2 Enterprise (RADIUS) and

EAP/PEAP.

If you configure the network (access point) to use this security mode with an external RADIUS server,

you must configure the client stations to use WPA/WPA2 Enterprise (RADIUS) and whichever security

protocol your RADIUS server is configured to use.

WPA/WPA2 Enterprise (RADIUS) Client Using EAP/PEAP

The B

uilt-In Authentication Server on the AT-TQ2403 Wireless Access Point uses Protected Extensible

Authentication Protocol (EAP) known as "EAP/PEAP".

 If you are using the Built-in Authentication server with "WPA/WPA2 Enterprise (RADIUS)" security

mode on the AT-TQ2403 Wireless Access Point, then you will need to set up wireless clients to

use PEAP.

 Additionally, you may have an external RADIUS server that uses EAP/PEAP. If so, you will need to (1)

add the AT-TQ2403 Wireless Access Point to the list of RADIUS server clients, and (2) configure

your "WPA/WPA2 Enterprise (RADIUS)" wireless clients to use PEAP.



Note: The following example assumes you are using the Built-in Authentication server that

comes wit

h the AT-TQ2403 Wireless Access Point. If you are setting up EAP/PEAP on a

client of an AP that is using an external RADIUS server, the client configuration process will

differ somewhat from this example especially with regard to certificate validation.

If you configured the AT-TQ2403 Wireless Access Point to use WPA/WPA2 Enterprise (RADIUS)

security mode and to use either the Built-in Authentication Server or an external RADIUS server that

uses EAP/PEAP…