IEEE 802.1x Client Using EAP/TLS Certificate – Allied Telesis AT-WA7400/NA User Manual

AT-WA7400 Management Software User’s Guide
7. Click OK on all dialog boxes (starting with the EAP MSCHAP v2
Properties dialog box) to close and save your changes.
IEEE 802.1x PEAP clients should now be able to associate with the 
access point. Client users will be prompted for a user name and 
password to authenticate with the network.
IEEE 802.1x Client Using EAP/TLS Certificate
Extensible Authentication Protocol (EAP) Transport Layer Security (TLS), 
or EAP-TLS, is an authentication protocol that supports the use of smart 
cards and certificates. You have the option of using EAP-TLS with both 
WPA/WPA2 Enterprise (RADIUS) and IEEE 802.1x modes if you have an 
external RADIUS server on the network to support it.
Note
If you want to use IEEE 802.1x mode with EAP-TLS certificates for 
authentication and authorization of clients, you must have an 
external RADIUS server and a Public Key Infrastructure (PKI), 
including a Certificate Authority (CA) server, configured on 
your network. It is beyond the scope of this document to describe 
the configuration of the RADIUS server, PKI, and CA server. 
Consult the documentation for those products.
Some good starting points available on the web for the Microsoft 
Windows PKI software are: “How to Install/Uninstall a Public Key 
Certificate Authority for Windows 2
and
How to Configure a Certificate Server at
To use this type of security, you must do the following:
1. Add the AT-WA7400 Wireless Access Point to the list of RADIUS
2. Configure the AT-WA7400 Wireless Access Point to use your RADIUS
server (by providing the RADIUS server IP address as part of the IEEE 
802.1x security mode settings).
3. Configure wireless clients to use IEEE 802.1x security and “Smart
Card or other Certificate” as described in this section.
4. Obtain a certificate for this client as described in “Obtaining a TLS-EAP
