Manual

ManualsBrandsAllied Telesis ManualsComputer HardwareAT-WA7400/EU

231

232

233

234

235

236

237

238

239

240

Appendix B: Configuring Security on Wireless Clients

236

Configuring WPA/WPA2 Enterprise (RADIUS) Security on a Client

Wi-Fi Protected Access 2 (WPA2) with Remote Authentication Dial-In User

Service (RADIUS) is an implementation of the Wi-Fi Alliance IEEE 802.11

standard, which includes Advanced Encryption Standard (AES), Counter

mode/CBC-MAC Protocol (CCMP), and Temporal Key Integrity Protocol

(TKIP) mechanisms. This mode requires the use of a RADIUS server to

authenticate users.

This security mode also provides backwards-compatibility for wireless

clients that support only the original WPA.

When you configure WPA/WPA2 Enterprise (RADIUS) security mode on

the access point, you have a choice of whether to use the built-in

authentication server or an external RADIUS server that you provide.

The AT-WA7400 Wireless Access Point’s built-in authentication server

supports Protected Extensible Authentication Protocol (EAP) known as

EAP/PEAP and Microsoft Challenge Handshake Authentication Protocol

Version 2 (MSCHAP V2), which provides authentication for point-to-point

(PPP) connections between a Windows-based computer and network

devices such as access points.

If you configure the network (access point) to use security mode and

choose the built-in authentication server, you must configure client

stations to use WPA/WPA2 Enterprise (RADIUS) and EAP/PEAP.

If you configure the network (access point) to use this security mode with

an external RADIUS server, you must configure the client stations to use

WPA/WPA2 Enterprise (RADIUS) and whichever security protocol your

RADIUS server is configured to use.

WPA/WPA2

Enterprise

(RADIUS) Client

Using EAP/PEAP

The built-In authentication server on the AT-WA7400 Wireless Access

Point uses Protected Extensible Authentication Protocol (EAP) known as

EAP/PEAP.

 If you are using the Built-in Authentication server with WPA/WPA2

Enterprise (RADIUS) security mode on the AT-WA7400 Wireless

Access Point, then you will need to set up wireless clients to use

PEAP.

 Additionally, you may have an external RADIUS server that uses EAP/

PEAP. If so, you will need to (1) add the AT-WA7400 Wireless Access

Point to the list of RADIUS server clients, and (2) configure your WPA/

WPA2 Enterprise (RADIUS) wireless clients to use PEAP.