Table of Contents
Advertisement
Appendix B: Security Settings on Wireless Clients/RADIUS Server
Using The Built-in Authentication Server (EAP-PEAP)
network. Rather than try to predict and address the details of every possible scenario, this
document provides general guidelines about each type of client configuration supported by
the 9160 G2 Wireless Gateway.
B.1.1
Using The Built-in Authentication Server (EAP-PEAP)
If you do not have a RADIUS server or PKI infrastructure in place and/or are unfamiliar
with many of these concepts, we strongly recommend setting up the 9160 G2 Wireless Gate-
ways with security that uses the Built-in Authentication Server on the AP. This will mean
setting up the AP to use either IEEE 802.1x or WPA/WPA2 Enterprise (RADIUS) security
mode. (The built-in authentication server uses EAP-PEAP authentication protocol.)
•
If the 9160 G2 Wireless Gateway is set up to use IEEE 802.1x mode and the Built-in
Authentication Server, then configure wireless clients as described in "IEEE 802.1x
Client Using EAP/PEAP" on page B-15.
•
If the 9160 G2 Wireless Gateway is configured to use WPA/WPA2 Enterprise
(RADIUS) mode and the Built-in Authentication Server, configure wireless clients as
described in "WPA/WPA2 Enterprise (RADIUS) Client Using EAP/PEAP" on page B-
22.
B.1.2
Using An External RADIUS Server With EAP-TLS Certificates Or EAP-PEAP
We make the assumption that if you have an external RADIUS server and PKI/CA setup,
you will know how to configure client security options appropriate to your security infra-
structure beyond the fundamental suggestions given here. Topics covered here that
particularly relate to client security configuration in a RADIUS - PKI environment are:
•
"IEEE 802.1x Client Using EAP/TLS Certificate" on page B-18.
•
"WPA/WPA2 Enterprise (RADIUS) Client Using EAP-TLS Certificate" on page B-26.
•
"Configuring An External RADIUS Server To Recognize The 9160 G2" on page B-31.
•
"Obtaining A TLS-EAP Certificate For A Client" on page B-35.
Details on how to configure an EAP-PEAP client with an external RADIUS server are not
covered in this document.
B.2
Make Sure The Wireless Client Software Is Up-to-Date
Before starting out, please keep in mind that service packs, patches, and new releases of
drivers and other supporting technologies for wireless clients are being generated at a fast
pace. A common problem encountered in client security setup is not having the right driver
or updates to it on the client. For example, if you are setting up WPA on the client, make
sure you have a driver installed that supports WPA, which is a relatively new technology.
B-8
Psion Teklogix 9160 G2 Wireless Gateway User Manual
Advertisement
Table of Contents
