Setup Guide
property. The method of browsing selected must match the
method provided by the server(s) being accessed.
This setting in a wnos.ini le will be saved into NVRAM, if
EnableLocal=yes is set in the wnos.ini le.
IEEE8021X={yes, no}
network={wired, wireless}
[Prole=ssid]
[access={WPA-PSK, WPA2-PSK, WPA-ENT, WPA2-ENT}]
[eap={yes, no}]
[servervalidate={yes, no}]
[servercheck={yes, no}]
[servername={"servername for EAP-TLS, EAP-PEAP, EAP-FAST"}]
[eaptype={None, EAP-LEAP, EAP-TLS, EAP-PEAP, EAP-FAST}]
[leapun={username for EAP-LEAP}]
[leappwd={password for EAP-LEAP}]
[leappwdEnc={password encrypted for EAP-LEAP}]
[tlsauthtype={user, machine}]
[tlsclntcert={client certicate lename for EAP-TLS}]
[tlsclntprikey={lename of certicate with private key for EAP-
TLS}]
[tlsclntprikeypwd={password for private key}]
[tlsclntprikeypwdEnc={password encrypted for private key}]
[peapeap={EAP-MSCHAPV2, EAP-GTC}]
[peapidentity={identity/username for PEAP}]
[peapmschapun={username for EAP-PEAP/ EAP-MSCHAPV2}]
[peapmschappwd={password for EAP-PEAP/EAP-MSCHAPV2}]
[peapmschappwdEnc={password encrypted for EAP-PEAP/EAP-
MSCHAPV2}]
[peapmschapdm={domain for EAP-PEAP/ EAP-MSCHAPV2}]
[peapmschaphidedm={yes,no}]
[peapsinglesignon={yes, no}]
[peapgtcun={username for EAP-PEAP/ EAP-GTC}]
[peapgtcpwd={password for EAP-PEAP/ EAP-GTC}]
[peapgtcpwdEnc={password for encrypted for EAP-PEAP/EAP-
GTC}]
[wpapskpwd={passphrase for WPA-PSK}]
1
If IEEE8021X is set to no, then all parameters following it is
ignored.
2 If network is not congured, the conguration is ignored.
3 The key left of equal is case sensitive, and the value right of
equal case is not case sensitive except for credential
information; for example username, password or certicate
lename.
4 If two entries exist in an INI le, one each for wired and
wireless, both will take eect; for example IEEE8021X=yes
network=wired EAP=yes … IEEE8021X=yes network=wireless
access=WPA-ENT …
5 All EAP credential information is stored whatever the eaptype
setting.
6 The default values are underlined.
7 All passwords here should be encrypted.
8 The wildcard server include three entries in INI le. If both the
servervalidate entry and servercheck entry are set to yes, the
servername entry is valid.
9 Server certicate validation is mandatory in EAP-TLS
authentication. If the eaptype entry is set to EAP-TLS, the
servercheck entry must be set to yes.
10 Server list must be included in double quotation marks. For
example IEEE8021X=yes Network=wireless access=WPA2-
ENT eap=yes servervalidate=yes servercheck=yes
servername=";test.com;wireless98; test.com" eaptype=eap-
peap peapeap=eap-mschapv2 peapmschapun=administrator
peapmschappwd=password
.
11 Additional option timeoutretry species the retry times when
8021x authentication times out, which means that it is only
validated when the optional network type is wired. For
example, timeoutretry=3 allows you to retry thrice after 8021x
authentication times out.
12 Additional option Prole species the type of ssid
authentication to be congured. When we support multiple
ssid wireless settings, the statement ieee8021x must be after
the statement device=wireless, and one additional prole
parameter is needed to identify the type of ssid authentication
which is congured. For example,
#ThinIsIn
Device=Wireless Mode=Infrastructure
SSID=ThinIsInIEEE8021X=yes network=wireless
prole=ThinIsIn access=WPA2-ENT eap=yes eaptype=EAP-
PEAP peapeap=EAP-MSCHAPV2 peapmschapdm=wyse
#wtos_95
Device=Wireless Mode=Infrastructure
SSID=wtos_95IEEE8021X=yes network=wireless
prole=wtos_95 access=WPA2-ENT eap=yes eaptype=EAP-
PEAP peapeap=EAP-MSCHAPV2
74
Parameters for wnos INI, {username} INI, and $MAC INI les