Manual

AT-WA7400 Management Software User’s Guide
219
Network Infrastructure and Choosing Between the Built-in or External Authentication Server
Network security configurations, including Public Key Infrastructures (PKI),
Remote Authentication Dial-In User Service (RADIUS) servers, and
Certificate Authorities (CA), can vary a great deal from one organization to
the next in terms of how they provide Authentication, Authorization, and
Accounting (AAA). Ultimately, the particulars of your infrastructure will
determine how clients should configure security to access the wireless
network. Rather than try to predict and address the details of every
possible scenario, this section provides general guidelines about each
type of client configuration supported by the AT-WA7400 Wireless Access
Point.
I Want to Use the Built-in Authentication Server (EAP-PEAP)
If you do not have a RADIUS server or PKI infrastructure in place and/or
are unfamiliar with many of these concepts, Allied Telesyn strongly
recommends setting up the AT-WA7400 Wireless Access Points with
security that uses the Built-in Authentication Server on the access point.
This will mean setting up the access point to use either IEEE 802.1x or
WPA/WPA2 Enterprise (RADIUS) security mode. (The built-in
authentication server uses the EAP-PEAP authentication protocol.)
If the AT-WA7400 Wireless Access Point is set up to use IEEE 802.1x
mode and the Built-in Authentication Server, then configure wireless
clients as described in “IEEE 802.1x Client Using EAP/PEAP” on
page 227.
If the AT-WA7400 Wireless Access Point is configured to use
WPA/WPA2 Enterprise (RADIUS) mode and the Built-in Authentication
Server, then configure wireless clients as described in “WPA/WPA2
Enterprise (RADIUS) Client Using EAP/PEAP” on page 236.
I Want to Use an External RADIUS Server with EAP-TLS Certificates or EAP-PEAP
The following sections assume that if you have an external RADIUS server
and PKI/CA setup, you will know how to configure client security options
appropriate to your security infrastructure beyond the fundamental
suggestions given here. Topics covered here that particularly relate to
client security configuration in a RADIUS - PKI environment are:
“IEEE 802.1x Client Using EAP/TLS Certificate” on page 231
“WPA/WPA2 Enterprise (RADIUS) Client Using EAP-TLS Certificate” on page 241
“Configuring an External RADIUS Server to Recognize the AT-WA7400 Wireless Access Point” on page 248
“Obtaining a TLS-EAP Certificate for a Client” on page 253
Details about how to configure an EAP-PEAP client with an external
RADIUS server are not covered in this document.