User's Manual

ManualsBrandsNetgear ManualsSwitchNetgear ProSafe WFS709TP Smart Wireless Controller WFS709TP-100NAS

121

122

123

124

125

126

127

128

129

130

Table Of Contents

WFS709TP ProSafe Smart Wireless Switch Software Administration Manual
Contents
About This Manual
- Conventions, Formats, and Scope
- How to Use This Manual
- How to Print this Manual
- Revision History
Chapter 1 Overview of the WFS709TP
- WFS709TP System Components
- Basic WLAN Configuration
- Wireless Client Access to the WLAN
- Configuring and Managing the WFS709TP
  - Tools
Chapter 2 Deploying a Basic WFS709TP System
- Configuration Overview
- Configuring the WFS709TP
- Deploying APs
- Additional Configuration
Chapter 3 Configuring Network Parameters
- Configuring VLANs
  - Assigning a Static Address to a VLAN
  - Configuring a VLAN to Receive a Dynamic Address
- Configuring Static Routes
- Configuring the Loopback IP Address
Chapter 4 RF Plan
- RF Plan Overview
- Before You Begin
  - Task Overview
  - Planning Requirements
- Using RF Plan
- RF Plan Example
Chapter 5 Configuring WLANS
- Before You Begin
  - Determine the Authentication Method
  - Determine the Default VLAN
- Basic WLAN Configuration in the Browser Interface
  - Example Configuration
- Advanced WLAN Configuration in the Browser Interface
- IntelliFi RF Management
Chapter 6 Configuring AAA Servers
- Configuring an External RADIUS Server
- Adding Users to the Internal Database
- Configuring Authentication Timers
Chapter 7 Configuring 802.1x Authentication
- 802.1x Authentication
  - Authentication with a RADIUS Server
  - Authentication Terminated on WFS709TP
- Configuring 802.1x Authentication
  - 802.1x Authentication Page
- Advanced Configuration Options for 802.1x
Chapter 8 Configuring the Captive Portal
- Overview of Captive Portal Functions
- Configuring Captive Portal
- Configuring Advanced Captive Portal Options
- Configuring the AAA Server for Captive Portal
  - Changing the Protocol to HTTP
- Personalizing the Captive Portal Page
Chapter 9 Configuring MAC-Based Authentication
- Configuring the WFS709TP
- Configuring Users
Chapter 10 Adding Local WFS709TPs
- Moving to a Multi-Switch Environment
- Configuring Local WFS709TPs
Chapter 11 Configuring Redundancy
- Virtual Router Redundancy Protocol
- Redundancy Configuration
Chapter 12 Configuring Wireless Intrusion Protection
- Rogue/Interfering AP Detection
- Misconfigured AP Detection
  - Configuring Misconfigured AP Protection
Chapter 13 Configuring Management Utilities
- Configuring Management Users
- Configuring SNMP
- Creating Guest Accounts
- Managing Files on the WFS709TP
- Installing a Server Certificate
Chapter 14 Configuring WFS709TP for Voice
- Voice over IP Proxy ARP
- Battery Boost
- Limiting the Number of Active Voice Calls
- WPA Fast Handover
Appendix A Configuring DHCP with Vendor-Specific Options
- Overview
- Windows-Based DHCP Servers
  - Configuring Option 60
  - Configuring Option 43
- Linux DHCP Servers
Appendix B Windows Client Example Configuration for 802.1x
- Window XP Wireless Client Example Configuration
Appendix C Internal Captive Portal
- Creating a New Internal Web Page
  - Basic HTML Example
- Installing a New Captive Portal Page
- Displaying Authentication Error Message
- Language Customization
- Customizing the Welcome Page
- Customizing the Pop-Up Box
- Customizing the Logged Out Box
Appendix D Related Documents
Index

WFS709TP ProSafe Smart Wireless Switch Software Administration Manual

7-4 Configuring 802.1x Authentication

v1.0, June 2007

In this scenario, the supplicant must be configured for Protected EAP (PEAP), as the WFS709TP

only supports PEAP. PEAP uses Transport Layer Security (TLS) to create an encrypted tunnel.

Within the tunnel, one of the following EAP methods is used:

• EAP-Generic Token Card (GTC): Described in RFC 2284, this EAP method permits the

transfer of unencrypted usernames and passwords from client to server. The main uses for

EAP-GTC are one-time token cards such as SecureID and the use of an LDAP or RADIUS

server as the user authentication server. You can also enable caching of user credentials on the

WFS709TP as a backup to an external authentication server.

• EAP-Microsoft Challenge Authentication Protocol version 2 (MS-CHAPv2): Described in

RFC 2759, this EAP method is widely supported by Microsoft clients. A RADIUS server must

be used as the backend authentication server.

If you are using the WFS709TP’s internal database for user authentication, you need to add the

names and passwords of the users to be authenticated. If you are using an LDAP server for user

authentication, you need to configure the LDAP server on the WFS709TP, and configure user IDs

and passwords. If you are using a RADIUS server for user authentication, you need to configure

the RADIUS server on the WFS709TP.

Configuring 802.1x Authentication

On the WFS709TP, use the following steps to configure a wireless network that uses 802.1x

authentication:

1. Configure the 802.1x RADIUS authentication server.

2. Configure 802.1x authentication. See “802.1x Authentication Page” on page 7-5.

3. Configure the VLANs to which the authenticated users will be assigned. See Chapter 3,

“Configuring Network Parameters”.

Note: You must install a server certificate in the WFS709TP for AAA FastConnect,

as described in “Installing a Server Certificate” on page 13-19.

Note: If you are using EAP-GTC within a PEAP tunnel, you can configure either an

LDAP or a RADIUS server as the authentication server. If you are using AAA

FastConnect, you can use a non-802.1x server or the WFS709TP’s internal

database. See Chapter 6, “Configuring AAA Servers”.