
Allied Telesis AT-WA7400/EU User Manual

Page 239


AT-WA7400 Management Software User’s Guide


9. Click OK in all dialog boxes (starting with the EAP MSCHAP v2
Properties dialog) to close and save your changes.

WPA/WPA2 Enterprise (RADIUS) PEAP clients should now be able to
associate with the access point. Client users will be prompted for a
user name and password to authenticate with the network.

WPA/WPA2 Enterprise (RADIUS) Client Using EAP-TLS Certificate

Extensible Authentication Protocol (EAP) Transport Layer Security (TLS),
or EAP-TLS, is an authentication protocol that supports the use of smart
cards and certificates. You have the option of using EAP-TLS with both
WPA/WPA2 Enterprise (RADIUS) and IEEE 802.1x modes if you have an
external RADIUS server on the network to support it.

Note

If you want to use IEEE 802.1x mode with EAP-TLS certificates for
authentication and authorization of clients, you must have an
external RADIUS server and a Public Key Infrastructure (PKI),
including a Certificate Authority (CA) server, configured on
your network. It is beyond the scope of this document to describe
the configuration of the RADIUS server, PKI, and CA server.
Consult the documentation for those products.

Some good starting points available on the web for the Microsoft
Windows PKI software are: “How to Install/Uninstall a Public Key
Certificate Authority for Windows 2000” at
http://support.microsoft.com/default.aspx?scid=kb;EN-US;231881
and “How to Configure a Certificate Server” at
http://support.microsoft.com/default.aspx?scid=kb;en-us;318710#3.

To use this type of security, you must do the following:

1. Add the AT-WA7400 Wireless Access Point to the list of RADIUS
server clients. (See “Configuring an External RADIUS Server to
Recognize the AT-WA7400 Wireless Access Point” on page 246.)

2. Configure the AT-WA7400 Wireless Access Point to use your RADIUS
server by providing the RADIUS server IP address as part of the
WPA/WPA2 Enterprise [RADIUS] security mode settings.

3. Configure wireless clients to use WPA security and Smart Card or
other Certificate as described in this section.

4. Obtain a certificate for this client as described in “Obtaining a TLS-EAP
Certificate for a Client” on page 251.