Extreme Networks Summit WM Technical Reference Manual page 42

Version 5.1

Hide thumbs Also See for Summit WM:

Installation instructions (1 page)

Getting started manual (126 pages)

Maintenance manual (130 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

page of 222

/ 222
Contents
Table of Contents
Bookmarks

Table of Contents

Creating the Windows Security Infrastructure

Profile, Encryption tab: Clear all other check boxes except the Strongest check box. This forces all

wireless connections to use 128-bit encryption. The settings on the Encryption tab correspond to the

MS-MPPE-Encryption-Policy and MS-MPPE-Encryption-Types RADIUS attributes and might be

supported by the wireless AP. If these attributes are not supported, clear all the check boxes except

No encryption.For more information, see the "Add a remote access policy" procedure in this section

2 For Windows Server 2003 IAS, use the New Remote Access Policy Wizard to create a common

remote access policy with the following settings:

a Policy name: Wireless access to intranet (example)

b Access Method: Wireless

c User or Group Access: Group with the Wireless Users group selected (example group name)

d Authentication Methods: Smart Card or other Certificate type (for EAP-TLS) or Protected EAP

(PEAP) type (for EAP-MS-CHAP v2)

3 If the wireless APs require vendor specific attributes (VSAs), you must add the VSAs to the remote

access policy. For more information, see the "Configure vendor-specific attributes for a remote access

policy" procedure in this section.

4 For Windows 2000 IAS, delete the default remote access policy named Allow access if dial-in

permission is enabled. To delete a remote access policy, right-click the policy name in the Internet

Authentication Service snap-in and click Delete

Best Practice

If you are managing the remote access permission of user and computer accounts on a per-account

basis, use remote access policies that specify a connection type. If you are managing the remote access

permission through the remote access policy, use remote access policies that specify a connection type

and group. The recommended method is to manage remote access permission through the remote

access policy.

Add a remote access policy

1 Open the Internet Authentication Service snap-in.

2 In the console tree, right-click Remote Access Policies, and then click New Remote Access Policy.

Configure vendor-specific attributes for a remote access policy

1 Open the Internet Authentication Service snap-in.

2 In the console tree, click Remote Access Policies.

3 In the details pane, double-click the policy for which you want to configure a vendor-specific

attribute (VSA).

4 Click Edit Profile, click the Advanced tab, and then click Add.

5 Look at the list to see whether your vendor-specific attribute is already in the list of available

RADIUS attributes. If it is, double-click it, and then configure it as specified in your wireless AP

documentation.

6 If the vendor-specific attribute is not in the list of available RADIUS attributes, click the Vendor-

Specific attribute, and then click Add.

7 In the Multivalued Attribute Information dialog box, click Add

Summit WM Technical Reference Guide, Software Version 5.1

Table of Contents

Extreme Networks Summit WM Technical Reference Manual page 42

Related Manuals for Extreme Networks Summit WM

Related Products for Extreme Networks Summit WM

Table of Contents