Table of Contents
Advertisement
Linksys
Using WPA2-Enterprise
This is the most secure and most complex system.
WPA-Enterprise mode provides greater security and centralized management,
but it is more complex to configure.
Wireless Station Configuration
For each of the following items, each wireless station must have the same
settings as the wireless access point.
Mode
On each PC, the mode must be set to Infrastructure.
SSID (ESSID)
This must match the value used on the wireless
access point.
The default value is LinksysSMB24G for radio 1 and
LinksysSMB5G for radio 2.
Note The SSID is case sensitive.
802.1x
Each client must obtain a certificate for authentication
for the RADIUS server.
Authentication
802.1x
Typically, EAP-TLS is used. This is a dynamic key
system, so keys do NOT have to be entered on each
Encryption
wireless station.
You can also use a static WEP key (EAP-MD5). The
wireless access point supports both methods
simultaneously.
RADIUS Server Configuration
If using WPA2-Enterprise mode, the RADIUS server on your network must be
configured as follows.
•
It must provide and accept Certificates for user authentication.
•
There must be a Client Login for the wireless access point itself.
The wireless access point will use its default name as its client login name.
(However, your RADIUS server may ignore this and use the IP address instead.)
The Shared Key, set on the Security Screen of the access point, must match the
Shared Secret value on the RADIUS server.
•
Encryption settings must be correct.
Appendix C PC And Server Configuration
802.1x Server Setup (Windows 2000 Server)
This section describes using Microsoft Internet Authentication Server as the
RADIUS server, since it is the most common RADIUS server available that
supports the EAP-TLS authentica-tion method.
The following services on the Windows 2000 Domain Controller (PDC) are
also required.
•
dhcpd
•
dns
•
rras
•
webserver (IIS)
•
RADIUS Server (Internet Authentication Service)
•
Certificate Authority
Windows 2000 Domain Controller Setup
1.
Run dcpromo.exe from the command prompt.
2.
Follow all of the default prompts, ensure that DNS is installed and enabled
during installation.
Services Installation
1.
Select the Control Panel -> Add/Remove Programs.
2.
Click Add/Remove Windows Components from the left side.
3.
Ensure that the following components are selected.
Certificate Services. After enabling this, you will see a warning that the
computer cannot be renamed and joined after installing certificate services.
Select Yes to select certificate services and continue
World Wide Web Server. Select World Wide Web Server on the Internet
Information Services (IIS) component.
From the Networking Services category, select Dynamic Host Configuration
Protocol (DHCP), and Internet Authentication Service (DNS should already be
selected and installed).
41
Hide quick links:
Advertisement
Table of Contents
