User Manual

Appendix C: Configuring Security Settings On Wireless Clients
Psion Teklogix 9160 Wireless Gateway User Manual
C.9 Configuring An External RADIUS Server To Recognize The 9160 Wireless Gateway

An external Remote Authentication Dial-In User Service (RADIUS) server running on the
network can support EAP-TLS smart card/certificate distribution to clients in a
Public Key Infrastructure (PKI), as well as EAP-PEAP user account setup and
authentication. By external RADIUS server, we mean an authentication server
external to the access point itself. This distinguishes the scenario in
which you use a network RADIUS server from the one in which you use the Built-in
Authentication Server on the 9160 Wireless Gateway.

This section provides an example of configuring an external RADIUS server for the
purposes of authenticating and authorizing EAP-TLS certificates from wireless
clients of a particular 9160 Wireless Gateway configured for either the “WPA/WPA2
Enterprise (RADIUS)” or the “IEEE 802.1x” security mode. The intention of this
section is to provide some idea of what this process will look like; procedures will
vary depending on the RADIUS server you use and how you configure it. For this
example, we use the Internet Authentication Service that comes with Microsoft
Windows 2003 server.

Note: This document does not describe how to set up Administrative users on
the RADIUS server. In this example, we assume you already have
RADIUS server user accounts configured. You will need a RADIUS server
user name and password for both this procedure and the following one
that describes how to obtain and install a certificate on the wireless
client. Please consult the documentation for your RADIUS server for
information on setting up user accounts.

The purpose of this procedure is to identify your 9160 Wireless Gateway as a
“client” to the RADIUS server. The RADIUS server can then handle authentication
and authorization of wireless clients for the AP. This procedure is required per
access point. If you have more than one access point with which you plan to use an
external RADIUS server, you need to follow these steps for each of those APs.

Keep in mind that the information you need to provide to the RADIUS server about
the access point corresponds to settings on the access point (Advanced, Security)
and vice versa. You should have already provided the RADIUS server IP Address to
the AP; in the steps that follow you will provide the access point IP address to the
RADIUS server. The RADIUS Key provided on the AP is the “shared secret” you
will provide to the RADIUS server.
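
The following added example (not part of the original manual, and not Psion Teklogix or Microsoft code) shows why the access point IP address and the RADIUS Key must match on both sides: the server finds the shared secret by the source IP of the request and uses it to check the HMAC-MD5 Message-Authenticator that RFC 3579 requires on requests carrying EAP. The IP address, key, user name and function names are constructed for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST = 1
EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 79, 80  # attribute types (RFC 3579)
# Constructed sample values, not taken from the manual.
CLIENTS = {"192.0.2.10": b"example-radius-key"}  # server side: AP IP -> shared secret
EAP_IDENTITY = bytes([2, 1, 0, 9, 1]) + b"user"  # EAP-Response/Identity for "user"

def attr(atype: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as Type, Length, Value."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def build_access_request(secret: bytes, ident: int, eap: bytes) -> bytes:
    """Access-Request as the AP (the RADIUS client) would send it for 802.1X."""
    attrs = attr(EAP_MESSAGE, eap) + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + os.urandom(16)
    packet = bytearray(header + attrs)
    # HMAC-MD5 over the whole packet, keyed with the shared secret, computed
    # while the Message-Authenticator value is still 16 zero bytes.
    packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)

def server_check(packet: bytes, src_ip: str, clients: dict) -> str:
    """Server side: look up the client by source IP, then verify the HMAC."""
    secret = clients.get(src_ip)
    if secret is None:
        return "unknown client"
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return "malformed"
    pos, zeroed, received = 20, bytearray(packet), None
    while pos + 2 <= len(packet):
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > len(packet):
            return "malformed"
        if atype == MESSAGE_AUTHENTICATOR and alen == 18:
            received = packet[pos + 2:pos + 18]
            zeroed[pos + 2:pos + 18] = bytes(16)
        pos += alen
    if received is None:
        return "missing Message-Authenticator"
    expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    return "accepted" if hmac.compare_digest(received, expected) else "bad Message-Authenticator"

if __name__ == "__main__":
    good = build_access_request(b"example-radius-key", 1, EAP_IDENTITY)
    typo = build_access_request(b"example-radius-kee", 2, EAP_IDENTITY)
    print(server_check(good, "192.0.2.10", CLIENTS))   # AP registered, keys match
    print(server_check(typo, "192.0.2.10", CLIENTS))   # RADIUS Key mistyped on the AP
    print(server_check(good, "192.0.2.99", CLIENTS))   # AP IP not registered on server
```

A real RADIUS server silently discards requests in the two failing cases rather than returning an error, so on the access point a wrong key or an unregistered IP address typically appears as an authentication timeout.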