Allied Telesis AT-WA7400/NA User Manual
Page 219

AT-WA7400 Management Software User’s Guide
219
Network Infrastructure and Choosing Between the Built-in or External 
Authentication Server
Network security configurations including Public Key Infrastructures (PKI), 
Remote Authentication Dial-in User Server (RADIUS) servers, and 
Certificate Authority (CA) can vary a great deal from one organization to 
the next in terms of how they provide Authentication, Authorization, and 
Accounting (AAA). Ultimately, the particulars of your infrastructure will 
determine how clients should configure security to access the wireless 
network. Rather than try to predict and address the details of every 
possible scenario, this section provides general guidelines about each 
type of client configuration supported by the AT-WA7400 Wireless Access 
Point.
I Want to Use the
Built-in
Authentication
Server (EAP-
PEAP)
If you do not have a RADIUS server or PKI infrastructure in place and/or 
are unfamiliar with many of these concepts, Allied Telesyn strongly 
recommends setting up the AT-WA7400 Wireless Access Points with 
security that uses the Built-in Authentication Server on the access point. 
This will mean setting up the access point to use either IEEE 802.1x or 
WPA/WPA2 Enterprise (RADIUS) security mode. (The built-in 
authentication server uses the EAP-PEAP authentication protocol.)
If the AT-WA7400 Wireless Access Point is set up to use IEEE 802.1x 
mode and the Built-in Authentication Server, then configure wireless 
clients as described in “IEEE 802.1x Client Using EAP/PEAP” on 
page 227.
If the AT-WA7400 Wireless Access Point is configured to use WPA/
WPA2 Enterprise (RADIUS) mode and the Built-in Authentication 
Server, then configure wireless clients as described in “WPA/WPA2 
Enterprise (RADIUS) Client Using EAP/PEAP” on page 236.
I Want to Use an
External
RADIUS Server
with EAP-TLS
Certificates or
EAP-PEAP
The following sections assume that if you have an external RADIUS server 
and PKI/CA setup, you will know how to configure client security options 
appropriate to your security infrastructure beyond the fundamental 
suggestions given here. Topics covered here that particularly relate to 
client security configuration in a RADIUS - PKI environment are:
“IEEE 802.1x Client Using EAP/TLS Certificate” on page 231
“WPA/WPA2 Enterprise (RADIUS) Client Using EAP-TLS Certificate” 
on page 241
“Configuring an External RADIUS Server to Recognize the 
AT-WA7400 Wireless Access Point” on page 248
“Obtaining a TLS-EAP Certificate for a Client” on page 253
Details about how to configure an EAP-PEAP client with an external 
RADIUS server are not covered in this document.
