Allied Telesis AT-WA7400/EU User Manual
Appendix B: Configuring Security on Wireless Clients
Configuring an External RADIUS Server to Recognize the
AT-WA7400 Wireless Access Point
An external Remote Authentication Dial-In User Service (RADIUS) server
running on the network can support EAP-TLS smart card/certificate
distribution to clients in a Public Key Infrastructure (PKI) as well as
EAP-PEAP user account setup and authentication. By external RADIUS server,
we mean an authentication server external to the access point itself. This
distinguishes the scenario in which you use a network RADIUS server from
the one in which you use the built-in authentication server on the
AT-WA7400 Wireless Access Point.
This section provides an example of configuring an external RADIUS
server for the purposes of authenticating and authorizing EAP-TLS
certificates from wireless clients of a particular AT-WA7400 Wireless
Access Point configured for either WPA/WPA2 Enterprise (RADIUS) or
IEEE 802.1x security modes. The intention of this section is to provide
some idea of what this process will look like; procedures will vary
depending on the RADIUS server you use and how you configure it. For
this example, the Internet Authentication Service that is shipped with
Microsoft Windows 2003 server is used.
Note
This document does not describe how to set up Administrative users
on the RADIUS server. In this example, Allied Telesyn assumes that
you already have RADIUS server user accounts configured. You will
need a RADIUS server user name and password for both this
procedure and the following one that describes how to obtain and
install a certificate on the wireless client. Please consult the
documentation for your RADIUS server for information on setting up
user accounts.
The purpose of this procedure is to identify your AT-WA7400 Wireless
Access Point as a client to the RADIUS server. The RADIUS server can
then handle authentication and authorization of wireless clients for the
access point. This procedure is required per access point. If you have
more than one access point with which you plan to use an external
RADIUS server, you need to follow these steps for each of those access
points.
Keep in mind that the information you need to provide to the RADIUS
server about the access point corresponds to settings on the access point
(Advanced > Security) and vice versa. You should have already provided
the RADIUS server IP Address to the access point. In the steps that
follow, you provide the access point IP address to the RADIUS server. The
RADIUS Key provided on the access point is the shared secret you will
provide to the RADIUS server.
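Why the two values must match on both sides, shown as an added example
(not part of this manual and not Allied Telesis or Microsoft code): the
access point signs each EAP-carrying Access-Request with HMAC-MD5 keyed by
its RADIUS Key (the Message-Authenticator attribute, RFC 3579), and the
server selects the secret to verify with by the packet's source IP address.
The function names, IP addresses, secrets and result strings are
constructed for illustration; a real server discards a failing packet
rather than returning a reason.

```python
import hashlib, hmac, os, struct

EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 79, 80   # attribute types, RFC 3579

def build_access_request(identifier, secret, eap_payload):
    """Access point side: Access-Request signed with the AP's RADIUS Key."""
    eap_attr = bytes([EAP_MESSAGE, 2 + len(eap_payload)]) + eap_payload
    ma_head = bytes([MESSAGE_AUTHENTICATOR, 18])
    length = 20 + len(eap_attr) + 18
    header = struct.pack("!BBH", 1, identifier, length) + os.urandom(16)
    # HMAC-MD5 over the whole packet with the 16-byte value field zeroed.
    mac = hmac.new(secret, header + eap_attr + ma_head + bytes(16), hashlib.md5).digest()
    return header + eap_attr + ma_head + mac

def verify_access_request(packet, source_ip, clients):
    """Server side: find the client entry by source IP, then check the HMAC."""
    secret = clients.get(source_ip)
    if secret is None:
        return "unknown client"      # access point was never added as a client
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return "malformed"
    pos = 20
    while pos + 2 <= len(packet):
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > len(packet):
            return "malformed"
        if attr_type == MESSAGE_AUTHENTICATOR and attr_len == 18:
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            ok = hmac.compare_digest(packet[pos + 2:pos + 18], expected)
            return "accepted" if ok else "shared secret mismatch"
        pos += attr_len
    return "missing Message-Authenticator"

# Constructed sample data: documentation-range IPs and made-up secrets.
AP_IP = "192.0.2.10"
CLIENTS = {AP_IP: b"constructed-radius-key"}
EAP_IDENTITY = bytes([2, 1, 0, 10, 1]) + b"alice"   # EAP-Response/Identity

if __name__ == "__main__":
    good = build_access_request(7, b"constructed-radius-key", EAP_IDENTITY)
    typo = build_access_request(8, b"constructed-radius-kee", EAP_IDENTITY)
    print(verify_access_request(good, AP_IP, CLIENTS))
    print(verify_access_request(typo, AP_IP, CLIENTS))
    print(verify_access_request(good, "192.0.2.99", CLIENTS))
```

A one-character difference in the key, or a request arriving from an
address the server has no client entry for, fails before any user
credential or certificate is evaluated.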