Configuring kerboros – Motorola Series Switch WS5100 User Manual
Page 101
Network Setup
4-27
server on the wired side of the switch. All other packet types are blocked until the authentication server
(typically, a RADIUS server) verifies the MU’s identity.
To configure a 802.1x EAP authentication scheme for a WLAN:
1. Select
Network
>
Wireless LANs
from the main menu tree.
2. Select an existing WLAN from those displayed within the
Configuration
tab and click the
Edit
button.
A WLAN screen displays with the WLAN’s existing configuration. Refer to the
Authentication
and
Encryption
columns to assess the WLAN’s existing security configuration.
3. Select the
802.1X EAP
button from within the Authentication field. The
Radius Config...
button on the
bottom of the screen will become enabled. Ensure a primary and optional secondary Radius Server have
been configured to authenticate users requesting access to the EAP 802.1x supported WLAN. For more
information, see
Configuring External Radius Server Support on page 4-36
.
4. Click the
Config
button to the right of the 802.1X EAP checkbox.
The 802.1x EAP screen displays.
5. Configure the
Advanced
field as required to define MU timeout and retry information for the
authentication server.
6. Refer to the
Status
field for the current state of the requests made from applet. This field displays error
messages if something goes wrong in the transaction between the applet and the switch.
7. Click
OK
to use the changes to the running configuration and close the dialog.
8. Click
Cancel
to close the dialog without committing updates to the running configuration.
Configuring Kerboros
Kerberos (designed and developed by MIT) provides strong authentication for client/server applications
using secret-key cryptography. Using Kerberos, a MU must prove its identity to a server (and vice versa)
NOTE: As part of the EAP configuration process, ensure a primary and optional secondary
Radius server have been properly configured to authenticate the users requesting access
to the EAP protected WLAN. For more information on configuring Radius Server support
for the EAP 802.1x WLAN, see
Configuring External Radius Server Support on page 4-36
MU Timeout
Define the time (between 1- 60 seconds) for the switch’s retransmission of EAP-Request
packets. The default is 10 seconds.
MU Max Retries
Specify the maximum number of times the switch retransmits an EAP-Request frame to the
client before it times out the authentication session. The default is 10 retries.