beautypg.com

C.6.2 ieee 802.1x client using eap/tls certificate – Psion Teklogix 9160 G2 User Manual

Page 307

background image

Psion Teklogix 9160 G2 Wireless Gateway User Manual

C-15

Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup

IEEE 802.1x Client Using EAP/TLS Certificate

Logging On To The Wireless Network With An IEEE 802.1x PEAP Client

IEEE 802.1x PEAP clients should now be able to associate with the access point.
Client users will be prompted for a user name and password to authenticate with
the network.

C.6.2 IEEE 802.1x Client Using EAP/TLS Certificate

Extensible Authentication Protocol (EAP) Transport Layer Security (TLS), or EAP-
TLS, is an authentication protocol that supports the use of smart cards and certifi-
cates. You have the option of using EAP-TLS with both WPA/WPA2 Enterprise
(RADIUS) and IEEE 802.1x modes if you have an external RADIUS server on the
network to support it.

Note:

If you want to use IEEE 802.1x mode with EAP-TLS certificates for
authentication and authorization of clients, you must have an external
RADIUS server and a Public Key Authority Infrastructure (PKI), includ-
ing a Certificate Authority (CA), server configured on your network.
It is beyond the scope of this document to describe these configuration of
the RADIUS server, PKI, and CA server. Consult the documentation for
those products.

Some good starting points available on the Web for the Microsoft Windows
PKI software are:
“How to Install/Uninstall a Public Key Certificate Authority for Windows
2000” at

http://support.microsoft.com/default.aspx?scid=kb;en-us;231881 , and

“How to Configure a Certificate Server” at
http://support.microsoft.com/default.aspx?scid=kb;en-us;318710#3.

To use this type of security, you must do the following:

1.

Add the 9160 G2 Wireless Gateway to the list of RADIUS server cli-
ents. (See “Configuring An External RADIUS Server To Recognize
The 9160 G2 Wireless Gateway” on page C-30.)

2.

Configure the 9160 G2 Wireless Gateway to use your RADIUS server
(by providing the RADIUS server IP address as part of the “IEEE
802.1x” security mode settings).

3.

Configure wireless clients to use IEEE 802.1x security and “Smart
Card or other Certificate” as described in this section.