beautypg.com

Configuring kerboros – Motorola Series Switch WS5100 User Manual

Page 101

background image

Network Setup

4-27

server on the wired side of the switch. All other packet types are blocked until the authentication server
(typically, a RADIUS server) verifies the MU’s identity.

To configure a 802.1x EAP authentication scheme for a WLAN:

1. Select

Network

>

Wireless LANs

from the main menu tree.

2. Select an existing WLAN from those displayed within the

Configuration

tab and click the

Edit

button.

A WLAN screen displays with the WLAN’s existing configuration. Refer to the

Authentication

and

Encryption

columns to assess the WLAN’s existing security configuration.

3. Select the

802.1X EAP

button from within the Authentication field. The

Radius Config...

button on the

bottom of the screen will become enabled. Ensure a primary and optional secondary Radius Server have
been configured to authenticate users requesting access to the EAP 802.1x supported WLAN. For more
information, see

Configuring External Radius Server Support on page 4-36

.

4. Click the

Config

button to the right of the 802.1X EAP checkbox.

The 802.1x EAP screen displays.

5. Configure the

Advanced

field as required to define MU timeout and retry information for the

authentication server.

6. Refer to the

Status

field for the current state of the requests made from applet. This field displays error

messages if something goes wrong in the transaction between the applet and the switch.

7. Click

OK

to use the changes to the running configuration and close the dialog.

8. Click

Cancel

to close the dialog without committing updates to the running configuration.

Configuring Kerboros

Kerberos (designed and developed by MIT) provides strong authentication for client/server applications
using secret-key cryptography. Using Kerberos, a MU must prove its identity to a server (and vice versa)

NOTE: As part of the EAP configuration process, ensure a primary and optional secondary
Radius server have been properly configured to authenticate the users requesting access
to the EAP protected WLAN. For more information on configuring Radius Server support
for the EAP 802.1x WLAN, see

Configuring External Radius Server Support on page 4-36

.

MU Timeout

Define the time (between 1- 60 seconds) for the switch’s retransmission of EAP-Request
packets. The default is 10 seconds.

MU Max Retries

Specify the maximum number of times the switch retransmits an EAP-Request frame to the
client before it times out the authentication session. The default is 10 retries.