Allied Telesis AT-WA7400/EU User Manual

AT-WA7400 Management Software User’s Guide

217

Network Infrastructure and Choosing Between the Built-in or External
Authentication Server

Network security configurations including Public Key Infrastructures (PKI),
Remote Authentication Dial-in User Server (RADIUS) servers, and
Certificate Authority (CA) can vary a great deal from one organization to
the next in terms of how they provide Authentication, Authorization, and
Accounting (AAA). Ultimately, the particulars of your infrastructure will
determine how clients should configure security to access the wireless
network. Rather than try to predict and address the details of every
possible scenario, this section provides general guidelines about each
type of client configuration supported by the AT-WA7400 Wireless Access
Point.

I Want to Use the

Built-in

Authentication

Server (EAP-

PEAP)

If you do not have a RADIUS server or PKI infrastructure in place and/or
are unfamiliar with many of these concepts, Allied Telesis strongly
recommends setting up the AT-WA7400 Wireless Access Points with
security that uses the Built-in Authentication Server on the access point.
This will mean setting up the access point to use either IEEE 802.1x or
WPA/WPA2 Enterprise (RADIUS) security mode. (The built-in
authentication server uses the EAP-PEAP authentication protocol.)

ˆ

If the AT-WA7400 Wireless Access Point is set up to use IEEE 802.1x
mode and the Built-in Authentication Server, then configure wireless
clients as described in “IEEE 802.1x Client Using EAP/PEAP” on
page 225.

ˆ

If the AT-WA7400 Wireless Access Point is configured to use WPA/
WPA2 Enterprise (RADIUS) mode and the Built-in Authentication
Server, then configure wireless clients as described in “WPA/WPA2
Enterprise (RADIUS) Client Using EAP/PEAP” on page 234.

I Want to Use an

External

RADIUS Server

with EAP-TLS

Certificates or

EAP-PEAP

The following sections assume that if you have an external RADIUS server
and PKI/CA setup, you will know how to configure client security options
appropriate to your security infrastructure beyond the fundamental
suggestions given here. Topics covered here that particularly relate to
client security configuration in a RADIUS - PKI environment are:

ˆ

“IEEE 802.1x Client Using EAP/TLS Certificate” on page 229

ˆ

“WPA/WPA2 Enterprise (RADIUS) Client Using EAP-TLS Certificate”
on page 239

ˆ

“Configuring an External RADIUS Server to Recognize the
AT-WA7400 Wireless Access Point” on page 246

ˆ

“Obtaining a TLS-EAP Certificate for a Client” on page 251

Details about how to configure an EAP-PEAP client with an external
RADIUS server are not covered in this document.