User's Manual
16
puter hard disk or a smart card for authentication. And after a successful EAP-TLS authentication, a
session key is automatically generated for wireless packets encryption between the wireless client
computer and its associated wireless access point. To sum up, EAP-MD5 supports only user authenti-
cation, while EAP-TLS supports user authentication as well as dynamic encryption key distribution.
Fig. 16. IEEE 802.1x and RADIUS.
An advanced wireless access point supporting IEEE 802.1x can be configured to communicate with
two RADIUS servers. When the primary RADIUS server fails to respond, the wireless access point
will try to communicate with the secondary RADIUS server. The user can specify the length of time-
out and the number of retries before communicating with the secondary RADIUS server after failing
to communicate with the primary RADIUS server.
An IEEE 802.1x-capable wireless access point and its RADIUS server(s) share a secret key so that
they can authenticate each other. In addition to its IP address, a wireless access point can identify it-
self by an NAS (Network Access Server) identifier. Each IEEE 802.1x-capable wireless access point
must have a unique NAS identifier.
Fig. 17. IEEE 802.1x/RADIUS settings.