62
C
4: C
HAPTER
ONFIGURING THE
Configuring the
Wireless Stations
Using 802.1x
W
S
IRELESS
TATIONS
A client logon account for the Access Point must be configured on the
■
RADIUS server.
The Access Point normally uses its default name as its client logon
■
name. However, the RADIUS server may ignore this and use the IP
address instead.
The shared secret value on the RADIUS server must match the
■
shared key that was configured on the Access Point.
The encryption settings on the RADIUS server must be correct.
■
After configuring the RADIUS server, configure the security settings on
the wireless stations so that they match the security settings specified on
the Access Point.
Table 15
lists the settings that you need to configure on the wireless
stations for WPA-802.1x
Table 15 Client Wireless Settings When Using WPA-802.1x
Setting
Mode
SSID (ESSID)
802.1x
Authentication
802.1x Encryption
For specific instructions on how to configure these settings, refer to the
documentation that came with the wireless network adapter that is
installed on the wireless station.
To use 802.1x for client authentication on your wireless network, you
need to:
Set up a Microsoft Internet Authentication Server as RADIUS server
■
Description
The wireless station must be set to infrastructure mode (not
ad hoc mode).
The SSID must match an SSID that is specified on the Access
Point. The default SSID is 3Com.
NOTE: The SSID is case-sensitive.
The wireless station must obtain a certificate, which it will to
authenticate itself with the RADIUS server.
Normally, EAP-TLS is used for encryption. This is a dynamic
key system, so keys do not have to be entered on each
wireless station.
If preferred, you can also use a static WEP key (EAP-MD5) for
data encryption. The Access Point supports simultaneous use
of both encryption methods.