Motorola WiNG 5.7.1 System Reference Manual page 480

6 - 10 WiNG 5.7.1 Access Point System Reference Guide
encryption. 802.1X EAP can be deployed with WEP, WPA or WPA2 encryption schemes to further protect user information
forwarded over wireless controller managed WLANs.
The EAP process begins when an unauthenticated supplicant (client device) tries to connect with an authenticator (in this case,
the authentication server). An access point passes EAP packets from the client to an authentication server on the wired side
of the access point. All other packet types are blocked until the authentication server (typically, a RADIUS server) verifies the
client's identity.
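The gating behaviour described above, sketched as an added example (not code from the manual or from WiNG): only EAP frames are relayed toward the authentication server until the client is accepted, and access lapses once the reauthentication period (30 - 86,400 seconds on this page) is exceeded. The `PortGate` class, `make_frame` helper and sample frames are hypothetical, and frames are assumed to be untagged Ethernet II with EAP carried as EtherType 0x888E (EAPOL).

```python
import struct

ETHERTYPE_EAPOL = 0x888E            # IEEE 802.1X EAP over LAN
REAUTH_MIN, REAUTH_MAX = 30, 86400  # reauthentication range stated on this page


class PortGate:
    """Per-client gate modelled on the 802.1X controlled port (hypothetical)."""

    def __init__(self, reauth_seconds=None):
        if reauth_seconds is not None and not REAUTH_MIN <= reauth_seconds <= REAUTH_MAX:
            raise ValueError("reauthentication period must be 30-86400 seconds")
        self.reauth_seconds = reauth_seconds
        self.authorized_at = None   # None means the client is unauthenticated

    def radius_result(self, accepted, now):
        # Called when the authentication server answers the relayed EAP exchange.
        self.authorized_at = now if accepted else None

    def is_authorized(self, now):
        if self.authorized_at is None:
            return False
        if self.reauth_seconds is not None and now - self.authorized_at > self.reauth_seconds:
            self.authorized_at = None   # period exceeded: client must reauthenticate
            return False
        return True

    def handle(self, frame, now):
        """Return 'relay-to-radius', 'forward' or 'drop' for one Ethernet frame."""
        if len(frame) < 14:
            return "drop"               # too short to hold an Ethernet header
        (ethertype,) = struct.unpack("!H", frame[12:14])
        if ethertype == ETHERTYPE_EAPOL:
            return "relay-to-radius"    # EAP always passes to the server side
        return "forward" if self.is_authorized(now) else "drop"


def make_frame(ethertype, payload=b"\x00" * 8):
    # Constructed sample frame: broadcast destination, made-up source MAC.
    return b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    gate = PortGate(reauth_seconds=3600)
    ipv4, eapol = make_frame(0x0800), make_frame(ETHERTYPE_EAPOL)
    print(gate.handle(ipv4, now=0))     # before authentication
    print(gate.handle(eapol, now=1))
    gate.radius_result(True, now=2)
    print(gate.handle(ipv4, now=3))
    print(gate.handle(ipv4, now=4000))  # past the reauthentication period
```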
802.1X EAP provides mutual authentication over the WLAN during authentication. The 802.1X EAP process uses credential
verification to apply specific policies and restrictions to WLAN users to ensure access is only provided to specific wireless
controller resources.
802.1X requires an 802.1X capable RADIUS server to authenticate users and an 802.1X client installed on each device accessing
the EAP supported WLAN. An 802.1X client is included with most commercial operating systems, including Microsoft
Windows, Linux and Apple OS X.
The RADIUS server authenticating 802.1X EAP users resides externally to the access point. User account creation and
maintenance can be provided centrally using RFMS or individually maintained on each device. If an external RADIUS server is
used, EAP authentication requests are forwarded.
When using PSK with EAP, packets are sent requesting a secure link using a pre-shared key. The access point and
authenticating device must use the same authenticating algorithm and passcode. EAP-PSK is useful when transitioning from a
PSK network to one that supports EAP. The only encryption types supported with this are TKIP, CCMP and TKIP-CCMP.
To configure EAP on a WLAN:
1. Select the Configuration tab from the Web UI.
2. Select Wireless.
3. Select Wireless LANs to display a high-level overview of existing WLANs.
4. Select the Add button to create an additional WLAN, or select an existing WLAN and Edit to modify its security properties.
5. Select Security.
6. Select EAP, EAP-PSK or EAP MAC as the Authentication Type.
Either authentication type enables the radio buttons for various encryption options as an additional measure of security
with the WLAN that can be used with EAP.
7. Either select an existing AAA Policy from the drop-down menu, select the Create icon to the right of the AAA Policy
parameter to create a new AAA policy, or select the Edit icon to modify the selected AAA policy's configuration.
Authentication, authorization, and accounting (AAA) is a framework for intelligently controlling access to the network,
enforcing user authorization policies and auditing and tracking usage. These combined processes are central for securing
wireless client resources and wireless network data flows. For information on defining a new AAA policy, see AAA Policy
on page 7-15.
8. Select the Reauthentication check box to force EAP supported clients to reauthenticate. Use the spinner control to set the
number of seconds (from 30 - 86,400) that, once exceeded, forces the EAP supported client to reauthenticate to use the
resources supported by the WLAN.
9. Select OK to update the WLAN's EAP configuration. Select Reset to revert back to the last saved configuration.

EAP, EAP-PSK and EAP MAC Deployment Considerations
802.1x EAP, EAP-PSK and EAP MAC
Before defining an 802.1x EAP, EAP-PSK or EAP MAC supported configuration on a WLAN, refer to the following deployment
guidelines to ensure the configuration is optimally effective:
