Manual

AT-WA7400 Management Software User’s Guide
9. Click OK in all dialog boxes (starting with the EAP MSCHAP v2
Properties dialog) to close and save your changes.
WPA/WPA2 Enterprise (RADIUS) PEAP clients should now be able to
associate with the access point. Client users will be prompted for a
user name and password to authenticate with the network.
WPA/WPA2 Enterprise (RADIUS) Client Using EAP-TLS Certificate
Extensible Authentication Protocol (EAP) Transport Layer Security (TLS),
or EAP-TLS, is an authentication protocol that supports the use of smart
cards and certificates. You have the option of using EAP-TLS with both
WPA/WPA2 Enterprise (RADIUS) and IEEE 802.1x modes if you have an
external RADIUS server on the network to support it.
Note
If you want to use IEEE 802.1x mode with EAP-TLS certificates for
authentication and authorization of clients, you must have an
external RADIUS server and a Public Key Infrastructure (PKI),
including a Certificate Authority (CA) server, configured on your
network. It is beyond the scope of this document to describe the
configuration of the RADIUS server, PKI, and CA server.
Consult the documentation for those products.
Some good starting points available on the web for the Microsoft
Windows PKI software are: “How to Install/Uninstall a Public Key
Certificate Authority for Windows 2000” at
http://support.microsoft.com/default.aspx?scid=kb;EN-US;231881 and
“How to Configure a Certificate Server” at
http://support.microsoft.com/default.aspx?scid=kb;en-us;318710#3.
To use this type of security, you must do the following:
1. Add the AT-WA7400 Wireless Access Point to the list of RADIUS
server clients. (See “Configuring an External RADIUS Server to
Recognize the AT-WA7400 Wireless Access Point” on page 248.)
2. Configure the AT-WA7400 Wireless Access Point to use your RADIUS
server by providing the RADIUS server IP address as part of the
WPA/WPA2 Enterprise [RADIUS] security mode settings.
3. Configure wireless clients to use WPA security and Smart Card or
other Certificate as described in this section.
4. Obtain a certificate for this client as described in “Obtaining a TLS-EAP
Certificate for a Client” on page 253.