Symbol Technologies WS 2000 User Manual


Security—How to Configure 802.1x EAP Authentication

6. Set the maximum number of retries (Max. Retries) for a client to successfully
reauthenticate after failing to complete the EAP process. If the mobile unit fails the
authentication process in the specified number of retries, the switch will terminate the
connection to the mobile unit.

7. The administrator is required to specify the IP address of a primary RADIUS server
for this type of authentication to work. Providing the IP address of a secondary server is
optional. The secondary server acts as a failover server if the switch cannot successfully
contact the primary server.

8. Specify the port on which the primary RADIUS server is listening in the Radius port
field. Optionally, specify the port of a secondary (failover) server. Older RADIUS
servers listen on ports 1645 and 1646. Newer servers listen on ports 1812 and 1813.
Port 1645 or 1812 is used for authentication. Port 1646 or 1813 is used for accounting.
The ISP or a network administrator can confirm the appropriate primary and secondary
port numbers.

9. The administrator can specify a Radius shared secret for authentication on the
primary RADIUS server. Shared secrets are used to verify that RADIUS messages, with
the exception of the Access-Request message, are sent by a RADIUS-enabled device
that is configured with the same shared secret. The shared secret is a case-sensitive
string that can have letters, numbers, or symbols. Make the shared secret at least 22
characters long to protect the RADIUS server from brute-force attacks.

10. The MU Quiet Period field allows the administrator to specify the idle time (in
seconds) between a mobile unit’s authentication attempts, as required by the server.

11. The MU Timeout allows the administrator to specify the time (in seconds) for the
mobile unit’s retransmission of EAP-Request packets.

12. The MU Tx Period field allows the administrator to specify the time period (in
seconds) for the server’s retransmission of the EAP-Request/Identity frame.

13. The MU Max Retries field allows the administrator to set the maximum number of
times for the mobile unit to retransmit an EAP-Request frame to the server before it
times out the authentication session. Note that this is a different value from the Max
Retry field at the top of the window.

14. The Server Timeout indicates the maximum time (in seconds) that the switch will
wait for the server’s transmission of EAP Transmit packets.

15. The Server Max Retries field allows the administrator to set the maximum number
of times for the server to retransmit an EAP-Request frame to the client before it times
out the authentication session. Note that this is a different value from the Max Retry
field at the top of the window.

16. Click the Apply button to save changes.
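
The shared-secret check described in step 9, as an added example that is not part of the Symbol manual or the switch firmware: it computes and verifies the RADIUS Response Authenticator defined in RFC 2865 and applies the 22-character minimum. The function names, secret, and packet contents are constructed for illustration.

```python
import hashlib
import hmac
import struct

MIN_SECRET_LEN = 22  # minimum length recommended in step 9

def secret_long_enough(secret: bytes) -> bool:
    return len(secret) >= MIN_SECRET_LEN

def response_authenticator(code, ident, attrs, request_auth, secret):
    # RFC 2865: MD5(Code | Identifier | Length | Request Authenticator | Attributes | Secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_response(code, ident, attrs, request_auth, secret):
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def verify_response(packet, request_auth, secret):
    """Return True only if the reply was produced with the same shared secret."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False  # malformed Length field
    attrs = packet[20:length]  # bytes past Length are padding and ignored
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    return hmac.compare_digest(expected, packet[4:20])

# Constructed sample values (not from the manual).
SECRET = b"constructed-example-secret-0001"
# In a real Access-Request this field is 16 random bytes chosen by the sender;
# it is not computed from the secret, consistent with the exception in step 9.
REQUEST_AUTH = bytes(range(16))
REPLY_MSG = b"welcome"
ATTRS = bytes([18, 2 + len(REPLY_MSG)]) + REPLY_MSG  # Reply-Message (type 18)
ACCESS_ACCEPT = build_response(2, 7, ATTRS, REQUEST_AUTH, SECRET)  # code 2 = Access-Accept

if __name__ == "__main__":
    print("secret length ok:", secret_long_enough(SECRET))
    print("genuine reply:", verify_response(ACCESS_ACCEPT, REQUEST_AUTH, SECRET))
    print("wrong secret:", verify_response(ACCESS_ACCEPT, REQUEST_AUTH, b"other-secret"))
    tampered = ACCESS_ACCEPT[:-1] + b"!"
    print("tampered reply:", verify_response(tampered, REQUEST_AUTH, SECRET))
```
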

Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved

WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004
