Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-IAP175P/AC

111

112

113

114

115

116

117

118

119

120

EAP-Generic Token Card (GTC)— This EAP method permits the transfer of unencrypted

usernames and passwords from client to server. The main uses for EAP-GTC are one-time token

cards such as SecureID and the use of LDAP or RADIUS as the user authentication server. You

can also enable caching of user credentials on the W-IAP as a backup to an external

authentication server.

EAP-Microsoft Challenge Authentication Protocol version 2 (MS-CHAPv2)— This EAP method is

widely supported by Microsoft clients. A RADIUS server must be used as the backend

authentication server.

If you are using the W-IAP’s internal database for user authentication, you need to add the names

and passwords of the users to be authenticated. If you are using an LDAP server for user

authentication, you need to configure the LDAP server on the Virtual Controller, and configure

user IDs and passwords. If you are using a RADIUS server for user authentication, you need to

configure the RADIUS server on the Virtual Controller.

Configuring an External RADIUS Server

To configure an external RADIUS server for a wireless network:

1. Click New in the Networks tab and select the appropriate Primary usage.

2. Click Next to continue.

3. Use the VLAN tab to specify how the clients on this network get their IP address and VLAN.

4. Click Next to continue.

5. In the Security tab, slide the bar to Enterprise and update the following fields:

a. Key Management— Select the type of key for encryption and authentication.

b. Termination— Select Enabled to terminate the EAP portion of 802.1X authentication on

the access point instead of RADIUS server.

c. Authentication server 1— Select New from the drop-down list to authenticate user

credentials for the RADIUS server at run time and update the following fields:

l RADIUS Server

n Name— Enter the name of the new external RADIUS server.

n IP address— Enter the IP address of the external RADIUS server.

n Auth port— Enter the authorization port number of the external RADIUS server. The

port number is set to 1812 by default.

n Accounting port— Enter the accounting port number. This port is used to send

accounting records to the RADIUS server. The port number is set to 1813 by default

n Shared key— Enter a shared key for communicating with the external RADIUS server.

n Timeout— Indicates the timeout for one RADIUS request. The W-IAP retries to send

the request several times (as configured in the "Retry count") before the user gets

disconnected. e.g. If the "Timeout" is 5 sec, "Retry counter" is 3, user is disconnected

after 20 sec ("Timeout" x "Retry counter + 1). The default value is 5 seconds.

n Retry count— Specify a number between 1 and 5. Indicates the maximum number of

authentication requests that are sent to server group, and the default value is 3

requests.

n RFC 3576— When enabled, the Access Points process RFC 3576-compliant Change

of Authorization (CoA) and Disconnect messages from the RADIUS server.

Disconnect messages cause a user session to be terminated immediately, whereas CoA

messages modify session authorization attributes such as data filters.

Dell PowerConnect W-Series Instant Access Point 6.2.0.0-3.2.0.0 | User Guide 113 | Authentication