AT-WA7400 Management Software User’s Guide
231
7. Click OK on all dialog boxes (starting with the EAP MSCHAP v2
Properties dialog box) to close and save your changes.
IEEE 802.1x PEAP clients should now be able to associate with the
access point. Client users will be prompted for a user name and
password to authenticate with the network.
IEEE 802.1x Client Using EAP/TLS Certificate
Extensible Authentication Protocol (EAP) Transport Layer Security (TLS),
or EAP-TLS, is an authentication protocol that supports the use of smart
cards and certificates. You have the option of using EAP-TLS with both
WPA/WPA2 Enterprise (RADIUS) and IEEE 802.1x modes if you have an
external RADIUS server on the network to support it.
Note
If you want to use IEEE 802.1x mode with EAP-TLS certificates for
authentication and authorization of clients, you must have an
external RADIUS server and a Public Key Infrastructure (PKI),
including a Certificate Authority (CA) server, configured on
your network. It is beyond the scope of this document to describe
the configuration of the RADIUS server, PKI, and CA server.
Consult the documentation for those products.
Some good starting points available on the web for the Microsoft
Windows PKI software are: “How to Install/Uninstall a Public Key
Certificate Authority for Windows 2000” at
http://support.microsoft.com/default.aspx?scid=kb;EN-US;231881 and
“How to Configure a Certificate Server” at
http://support.microsoft.com/default.aspx?scid=kb;en-us;318710#3.
To use this type of security, you must do the following:
1. Add the AT-WA7400 Wireless Access Point to the list of RADIUS
server clients. (See “Configuring an External RADIUS Server to
Recognize the AT-WA7400 Wireless Access Point” on page 248.)
2. Configure the AT-WA7400 Wireless Access Point to use your RADIUS
server (by providing the RADIUS server IP address as part of the IEEE
802.1x security mode settings).
3. Configure wireless clients to use IEEE 802.1x security and “Smart
Card or other Certificate” as described in this section.
4. Obtain a certificate for this client as described in “Obtaining a TLS-EAP
Certificate for a Client” on page 253.