Chapter 5 advanced configuration, Configuring advanced security 802.1x options, Basic requirements for 802.1x – NETGEAR ME103 User Manual

Page 51: Chapter 5, Advanced configuration, Configuring advanced security 802.1x options -1, Basic requirements for 802.1x -1, Configuring advanced security 802.1x options” on

background image

Advanced Configuration


August 2003

Chapter 5

Advanced Configuration

This chapter describes how to configure the advanced features of your ME103 802.11b ProSafe
Wireless Access Point. These features can be found under the Advanced heading in the main

Configuring Advanced Security 802.1x Options

For an overview of 802.1x, see

“Understanding 802.1x Port Based Network Access Control” on

page B-9

. The ME103 802.11b ProSafe Wireless Access Point supports these 802.1x options:

Key Exchange. Key exchange (PEAP, EAP-TLS, EAP-TTLS) provides strong security
through mutual authentication and automatic key exchange between the two endpoints.
Periodic updates are performed using public-key cryptography through a certificate server and
a Remote Authentication Dial-In User Service (RADIUS) server.

The ME103 configuration procedures for these options are presented below.

Basic Requirements for 802.1x

802.1x requires these parts:


Authenticator: ME103


Authentication Server - a RADIUS server.

Microsoft Internet Authentication Server (IAS) provides RADIUS functionality. Other
vendors also support RADIUS for 802.1x.


Supplicant - Windows 2000 with the 802.1x client patch applied (SP4 802.1x client) or
Windows XP.


Optionally, the Key Exchange options (PEAP, EAP-TLS, and EAP-TTLS) can take advantage
of a Certificate Authority (CA) such as Windows 2000 server provides. To use
certificate-based authentication, both the RADIUS server and the client need to have a
certificate from a certificate server such as Windows 2000 or a public service such as Verisign.