Table of Contents
Advertisement
Configuring Access Point Security
Default
Authentication Type
Server Certificate
CA Certificate
CAUTION
If you have imported a Server or CA certificate, the certificate will not be saved when updating the
Access Point's firmware. Export your certificates before upgrading the Access Point's firmware. From the Access
Point CLI, use the admin(system.cmgr)> expcert command to export the certificate to a secure location.
4 Use the Radius Client Authentication table to configure multiple shared secrets based on the subnet or
host attempting to authenticate with the RADIUS server. Use the Add button to add entries to the
list. Modify the following information as needed within the table.
Subnet/Host
Netmask
252
Specify a PEAP and/or TTLS Authentication Type for EAP
to use from the drop-down menu to the right of each
checkbox item. PEAP options include:
• GTC—EAP Generic Token Card (GTC) is a challenge
handshake authentication protocol using a hardware
token card to provide the response string.
• MSCHAP-V2—Microsoft CHAP (MSCHAP-V2) is an
encrypted authentication method based on Microsoft's
challenge/response authentication protocol.
TTLS options include:
• PAP—Password Authentication Protocol sends a
username and password over a network to a server
that compares the username and password to a table
of authorized users. If the username and password are
matched in the table, server access is authorized.
WatchGuard products do not support the PAP protocol
because the username and password are sent as clear
text that a hacker can read.
• MD5—This option enables the MD5 algorithm for data
verification. MD5 takes as input a message of arbitrary
length and produces a 128- bit fingerprint. The MD5
algorithm is intended for digital signature applications,
in which a large file must be compressed in a secure
manner before being encrypted with a private (secret)
key under a public-key cryptographic system.
• MSCHAP-V2—Microsoft CHAP (MSCHAP-V2) is an
encrypted authentication method based on Microsoft's
challenge/response authentication protocol.
If you have a server certificate from a CA and wish to use
it on the RADIUS server, select it from the drop-down
menu. Only certificates imported to the Access Point are
available in the menu.
You can also choose an imported CA Certificate to use on
the RADIUS server. If using a server certificate signed by
a CA, import that CA's root certificate using the CA
certificates screen. After a valid CA certificate has been
imported, it is available from the CA Certificate drop-down
menu.
Defines the IP address of the subnet or host that will be
authenticating with the RADIUS server. If a WLAN has
been created to support mesh networking, then enter the
IP address of mesh client bridge in order for the MU to
authenticate with a base bridge.
Defines the netmask (subnet mask) of the subnet or host
authenticating with the RADIUS server.
Altitude 4700 Series Access Point Product Reference Guide
Advertisement
Table of Contents
Related Manuals for Extreme Networks Altitude 4700 Series
Related Products for Extreme Networks Altitude 4700 Series
- Extreme Networks ExtremeSwitching Virtual Services Platform 4450GTX-HT-PWR+
- Extreme Networks Universal Compute Platform Appliance 4120C
- Extreme Networks 4120 Series
- Extreme Networks ExtremeSwitching 5420M-48W-4YE
- Extreme Networks ExtremeSwitching 5420M-48T-4YE
- Extreme Networks ExtremeSwitching Virtual Services Platform 4850GTS-PWR+
- Extreme Networks ExtremeSwitching Virtual Services Platform 4850GTS Series
- Extreme Networks EPICenter 4.1