Appendix B: Security Settings on Wireless Clients/RADIUS Server
Configuring WPA/WPA2 Enterprise (RADIUS) Security On A Client
B.7
Configuring WPA/WPA2 Enterprise (RADIUS) Security On
A Client
Wi-Fi Protected Access 2 (WPA2) with Remote Authentication Dial-In User Service (RA-
DIUS) is an implementation of the Wi-Fi Alliance IEEE 802.11h standard, which includes
Advanced Encryption Standard (AES), Counter mode/CBC-MAC Protocol (CCMP), and
Temporal Key Integrity Protocol (TKIP) mechanisms. This mode requires the use of a
RADIUS server to authenticate users.
This security mode also provides backwards-compatibility for wireless clients that support
only the original WPA.
When you configure WPA/WPA2 Enterprise (RADIUS) security mode on the access point,
you have a choice of whether to use the Built-in Authentication Server or an external
RADIUS server that you provide.
The 9160 G2 Wireless Gateway Built-in Authentication Server supports Protected Extensi-
ble Authentication Protocol (EAP) known as "EAP/PEAP" and Microsoft Challenge
Handshake Authentication Protocol Version 2 (MSCHAP V2), which provides authentica-
tion for point-to-point (PPP) connections between a Windows-based computer and network
devices such as access points.
So, if you configure the network (access point) to use security mode and choose the Built-in
Authentication server, you must configure client stations to use WPA/WPA2 Enterprise
(RADIUS) and EAP/PEAP.
If you configure the network (access point) to use this security mode with an external
RADIUS server, you must configure the client stations to use WPA/WPA2 Enterprise (RA-
DIUS) and whichever security protocol your RADIUS server is configured to use.
B.7.1
WPA/WPA2 Enterprise (RADIUS) Client Using EAP/PEAP
The Built-In Authentication Server on the 9160 G2 Wireless Gateway uses Protected Exten-
sible Authentication Protocol (EAP) known as "EAP/PEAP".
•
If you are using the Built-in Authentication server with "WPA/WPA2 Enterprise
(RADIUS)" security mode on the 9160 G2 Wireless Gateway, then you will need to set
up wireless clients to use PEAP.
•
Additionally, you may have an external RADIUS server that uses EAP/PEAP. If so, you
will need to:
1. Add the 9160 G2 Wireless Gateway to the list of RADIUS server clients.
AND
2. Configure your "WPA/WPA2 Enterprise (RADIUS)" wireless clients to use PEAP.
B-22
Psion Teklogix 9160 G2 Wireless Gateway User Manual