ProSoft Technology RLX2-IHx Series User Manual page 76

Configuring a Radio - Detailed Configuration
User Manual
Parameter
Anonymous ID
Authentication
Method
User Name
Password
Certificates
Certificate Management
When using Enterprise-level security, some EAP methods require the use of
X.509 certificates that you must upload to the RLX2-IHx series radio. There are
two certificate types; a certificate from a 'Certification Authority' used to
authenticate the RADIUS server to the radio supplicant, and device or client
certificate created by the RADIUS server for the radio. The RLX2-IHx series radio
is able to hold one of each certificate type.

If using EAP-PEAP authentication, you need a CA Certificate (to authenticate
the RADIUS server) and a username and password.

If using EAP-TLS, you need a CA Certificate, a Client Certificate, and Private
Key (contained in a single p12 file) to authenticate the client. The p12 file is
encrypted and requires a password.

Your IT person will provide you with the appropriate files that you'll need to
load to the RLX2-IHx series Repeater radio.
Page 76 of 250
Description
Specifies the identity request in the first phase of the exchange that is sent in the
clear. The identity sent in this first phase can be set to an anonymous identity
(for example anon_user) or an anonymous identity at a domain (for example
anon@xyz.com). The real identity (username) is sent encrypted after the EAP
tunnel is established in the second phase of the radius exchange.
Use this parameter if you are concerned about the username being sent in the
clear. Your IT department should specify the text for this parameter based on
their RADIUS server(s) configuration.
Specifies the authentication method, sometimes referred to as the inner protocol.
This defines the mechanism used to authenticate the Supplicant of the radio with
the RADIUS server. The following authentication methods are supported:
2 - Microsoft's version of the Challenge Handshake Authentication
MS-CHAP
V
Protocol. This method provides mutual authentication between the Supplicant
and the RADIUS server, using a user name and password and challenge text
responses.
MD5 - Message Digest cryptographic hashing algorithm based on a user name
and password.
TLS - Certificate-based inner authentication protocol.
Specifies the user name of the account that is to be authenticated. When using
EAP-TLS, this represents the identity of the entity assigned to the device
certificate being used.
Specifies the required password when using EAP-PEAP or EAP-TTLS with MS-
CHAP 2 or MD5. This is the password of the account corresponding to the U
V
N .
AME
Displays the current certificates installed in the radio, and provides controls to
upload new certificates into the unit. For more information, see Certificate
Management (page 76).
Note: The RLX2-IHx series radio does not ship with any certificates installed.
RLX2-IHx Series ♦ 802.11a, b, g, n
Industrial Hotspots
SER
ProSoft Technology, Inc.