WESM zl Management and Configuration Guide WT.01.28 and greater
RADIUS Server
RADIUS Authentication
Table 11-1. EAP Methods

EAP Type              Characteristics
--------------------  ------------------------------------------------------------
EAP-TLS               The wireless station and the module’s RADIUS server exchange
                      digital certificates in a three-step TLS handshake.

EAP-TTLS with MD5     • The module’s RADIUS server authenticates itself with a digital
                        certificate and creates a secure TLS tunnel with the wireless
                        station.
                      • Inside the secure tunnel, the wireless station submits a
                        username and a hashed (MD5) password.

EAP-TTLS with PAP     • The module’s RADIUS server authenticates itself with a digital
                        certificate and creates a secure TLS tunnel with the wireless
                        station.
                      • Inside the secure tunnel, the wireless station sends a PAP
                        request.

PEAP with GTC         • The module’s RADIUS server authenticates itself with a digital
                        certificate and creates a secure TLS tunnel with the wireless
                        station.
                      • Inside the secure tunnel, the wireless station submits a GTC
                        packet with its username and a password.

PEAP with MS-CHAP v2  • The module’s RADIUS server authenticates itself with a digital
                        certificate and creates a secure TLS tunnel with the wireless
                        station.
                      • Inside the secure tunnel, the wireless station submits a
                        username and a password using the MS-CHAP v2 protocol.

Configuring the Internal RADIUS Server

You must complete the following steps to configure the internal RADIUS server to
authenticate users that connect to a WLAN:
1. Select the authentication type.
2. Specify the internal RADIUS server’s digital certificate.
3. Select the source for policies and credentials:
   • If you select the local database, create groups and user accounts.
   • If you select an LDAP-compliant server, configure the LDAP settings and
     create a group.
4. Restart the RADIUS server.
5. Specify the internal server (loopback address) as the RADIUS server for one or
   more WLANs.
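
Added example, not from the guide: a server-side check for the two EAP-TTLS inner methods in Table 11-1, showing why the credential source chosen in step 3 matters. It assumes the MD5 method uses the RFC 1994 challenge hash (identifier, password, challenge); the store layout, function names and sample accounts are constructed.

```python
import hashlib
import hmac
import os

# Constructed credential store: one account kept as a salted PBKDF2 hash,
# one kept in cleartext. Names and passwords are sample values.
SALT = b"constructed-salt"

def pbkdf2(password: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password, SALT, 100_000)

STORE = {
    "alice": {"kind": "pbkdf2", "value": pbkdf2(b"correct horse")},
    "bob": {"kind": "cleartext", "value": b"battery staple"},
}

def md5_challenge_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """Station side: MD5(identifier || password || challenge), per RFC 1994."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()

def verify_pap(user: str, password: bytes) -> bool:
    """PAP: the password itself arrives inside the tunnel, so the server can
    check it against either a hashed or a cleartext entry."""
    entry = STORE.get(user)
    if entry is None:
        return False
    candidate = pbkdf2(password) if entry["kind"] == "pbkdf2" else password
    return hmac.compare_digest(candidate, entry["value"])

def verify_md5(user: str, identifier: int, challenge: bytes, response: bytes) -> bool:
    """MD5: the server must recompute the hash, which needs the cleartext
    password; an account stored only as a one-way hash cannot be verified."""
    entry = STORE.get(user)
    if entry is None or entry["kind"] != "cleartext":
        return False
    expected = md5_challenge_response(identifier, entry["value"], challenge)
    return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    challenge = os.urandom(16)  # fresh per attempt, so a captured response cannot be replayed
    for user, pw in (("alice", b"correct horse"), ("bob", b"battery staple")):
        resp = md5_challenge_response(1, pw, challenge)
        print(user, "PAP:", verify_pap(user, pw), "MD5:", verify_md5(user, 1, challenge, resp))
```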