User Manual
Chapter 13: Configuring Security
IEEE 802.1x
132
Psion Teklogix 9160 Wireless Gateway User Manual
The access point requires a RADIUS server capable of EAP, such as the Microsoft
Internet Authentication Server or the 9160 Wireless Gateway internal authentication
server. To work with Windows clients, the authentication server must support Pro-
tected EAP (PEAP) and MSCHAP V2.
When configuring IEEE 802.1x mode, you have a choice of whether to use the
embedded RADIUS server or an external RADIUS server that you provide. The
9160 Wireless Gateway embedded RADIUS server supports Protected EAP
(PEAP) and MSCHAP V2.
If you use your own RADIUS server, you have the option of using any of a variety
of authentication methods that the IEEE 802.1x mode supports, including certifi-
cates, Kerberos, and public key authentication. Keep in mind, however, that the
client stations must be configured to use the same authentication method being used
by the access point.
If you selected “IEEE 802.1x” Security Mode, provide the following:
Field Description
Authentication
Server
Select one of the following from the drop-down menu:
• Built-in - To use the authentication server provided with the 9160 Wireless Gateway. If
you choose this option, you do not have to provide the Radius IP and Radius Key; they are
automatically provided.
• External - To use an external authentication server. If you choose this option you must
supply a Radius IP and Radius Key of the server you want to use.
Note: The RADIUS server is identified by its IP address and UDP port numbers for the dif-
ferent services it provides. On the current release of the 9160 Wireless Gateway,
the RADIUS server User Datagram Protocol (UDP) ports used by the access point
are not configurable. (The 9160 Wireless Gateway is hard-coded to use RADIUS
server UDP port 1812 for authentication and port 1813 for accounting.
Table 13.10 IEEE 802.1x Security Settings