SmartBridges sB3210 User Manual

Page 48


Page 48 of 55

airPoint™ Nexus User Configuration Guide

intelligent wireless platform

dh_file = /usr/local/radius/etc/1x/dh
random_file = /usr/local/radius/etc/1x/random
fragment_size = 1024
include_length = yes
}

No other changes are needed in radiusd.conf for TLS.

d. Server Certificates, DH File, and Random File – we added a new directory 1x in the radius etc
directory, and then copied the server certificates (root.pem and cert-srv.pem) into the directory.
Finally, we used the following trick to produce dh and random:

date > dh
date > random

If you prefer, use your keyboard to enter some random characters in these files. Or even better, use
the OpenSSL tools to produce the random information for these files.
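
The OpenSSL route mentioned above, as an added example that is not part of the original manual or of Document 3. The output of date is predictable, and OpenSSL-based servers normally expect PEM-encoded Diffie-Hellman parameters in a dh file. The function names, the 2048-bit default and the 128-byte seed size are assumptions of this example; the audit functions flag files that were produced with the date trick.

```shell
#!/bin/sh
# Added example: build and audit the dh and random files used for EAP-TLS.
# Function names and the 128-byte minimum are assumptions of this example.

# Create both files with OpenSSL (instead of `date`), readable by owner only.
gen_tls_material() {
    dir=$1
    bits=${2:-2048}
    ( umask 077
      openssl dhparam -out "$dir/dh" "$bits" &&
      openssl rand -out "$dir/random" 128 )
}

# 0 if the file is framed as PEM DH parameters. Framing only; for a full
# check run: openssl dhparam -in FILE -check -noout
check_dh_file() {
    grep -q '^-----BEGIN DH PARAMETERS-----' "$1" 2>/dev/null &&
    grep -q '^-----END DH PARAMETERS-----' "$1"
}

# 0 if the seed file has at least 128 bytes and is not printable text only
# (the output of `date` fails both conditions).
check_random_file() {
    [ -r "$1" ] || return 1
    size=$(wc -c < "$1" | tr -d ' ')
    binary=$(LC_ALL=C tr -d '[:print:][:space:]' < "$1" | wc -c | tr -d ' ')
    [ "$size" -ge 128 ] && [ "$binary" -gt 0 ]
}

# Print one line per file; the return status is the number of weak files.
audit_tls_material() {
    dir=$1
    weak=0
    if check_dh_file "$dir/dh"; then
        echo "OK   $dir/dh"
    else
        echo "WEAK $dir/dh: not PEM DH parameters"
        weak=$((weak + 1))
    fi
    if check_random_file "$dir/random"; then
        echo "OK   $dir/random"
    else
        echo "WEAK $dir/random: short or text-only seed"
        weak=$((weak + 1))
    fi
    return "$weak"
}
```

Run gen_tls_material /usr/local/radius/etc/1x once on the server, then audit_tls_material on the same directory; DH parameter generation can take a minute or more.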

e. Run-Radius -- The only server addition remaining is a wrapper for radiusd. We added a new file,
run-radius, in the /usr/local/radius/sbin directory. The script is from Document 3:

----- Wrapper Script ------------------------------------
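#!/bin/sh -x

# Make radiusd load the OpenSSL libraries installed under /usr/local/openssl.
LD_LIBRARY_PATH=/usr/local/openssl/lib
LD_PRELOAD=/usr/local/openssl/lib/libcrypto.so

export LD_LIBRARY_PATH LD_PRELOAD

# Quote "$@" so arguments containing spaces reach radiusd unchanged.
/usr/local/radius/sbin/radiusd "$@"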
---------------------------------------------------------

After entering and saving the script, make run-radius executable:

chmod u=rwx run-radius

The server is complete.


4. Install Windows XP Certificates and Setup Client for TLS

The Windows XP certificates need to be installed, and the client needs to be configured. We recommend
that you follow Raymond McKay's example in Document 3, Section 10, XP Client (Supplicant) Setup.
When this step is complete, the client is ready.


5. AP Setup

The AP configuration needs to be modified. This is the setup we used with our ZyXEL B-1000v2. (We
assume that the B-1000 has been configured previously to use WEP keys and MAC addresses.)

At the wireless 802.1x tab:

Wireless Port Control = Authentication Required
ReAuthentication Timer = 1800 seconds
Idle Timeout = 3600 seconds
Authentication Database = RADIUS only
Dynamic WEP Key Exchange = 128-bit WEP
