4 using wpa-802.1x, 5 802.1x server setup (windows 2000 server) – PLANET WNAP-3000PE User Manual


Security

• The Pre-shared Key entered on the WNAP-3000PE must also be entered on each Wireless client.

• The Encryption method (e.g. TKIP, AES) must be set to match the WNAP-3000PE.

8.4 Using WPA-802.1x

This is the most secure and most complex system.

802.1x mode provides greater security and centralized management, but it is more
complex to configure.

Wireless Station Configuration

For each of the following items, each Wireless Station must have the same settings as
the WNAP-3000PE.

Mode

On each PC, the mode must be set to Infrastructure.

SSID (ESSID)

This must match the value used on the WNAP-3000PE.

The default value is wireless

Note: The SSID is case sensitive.

802.1x Authentication

Each client must obtain a Certificate which is used for authentication with the Radius Server.

802.1x Encryption

Typically, EAP-TLS is used. This is a dynamic key system, so keys do NOT have to be entered on each Wireless station.

However, you can also use a static WEP key (EAP-MD5); the WNAP-3000PE supports both methods simultaneously.

Radius Server Configuration

If using WPA-802.1x mode, the Radius Server on your network must be configured as follows:
• It must provide and accept Certificates for user authentication.
• There must be a Client Login for the WNAP-3000PE itself.
• The WNAP-3000PE will use its Default Name as its Client Login name. (However, your Radius server may ignore this and use the IP address instead.)
• The Shared Key, set on the Security Screen of the WNAP-3000PE, must match the Shared Secret value on the Radius Server.
• Encryption settings must be correct.
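
Why the Shared Key and the Shared Secret have to match, shown as an added example (not part of the manual or of PLANET's firmware): under RFC 3579, a RADIUS Access-Request that carries EAP is signed with an HMAC-MD5 Message-Authenticator keyed by the shared secret, and a server holding a different secret discards the packet. The function names, the user name, the client login name and the secrets below are constructed for illustration.

```python
import hashlib, hmac, os, struct

USER_NAME, NAS_IDENTIFIER, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 32, 79, 80

def attr(attr_type, value):
    # RADIUS attribute: type (1 byte), length including header (1 byte), value
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(shared_key, ident, user, nas_id):
    """Access point side: sign an EAP-carrying Access-Request with its Shared Key."""
    # EAP-Response/Identity: code=2, id, length, type=1 (Identity), identity bytes
    eap = struct.pack("!BBHB", 2, ident, 5 + len(user), 1) + user
    attrs = (attr(USER_NAME, user) + attr(NAS_IDENTIFIER, nas_id)
             + attr(EAP_MESSAGE, eap) + attr(MESSAGE_AUTHENTICATOR, bytes(16)))
    # Header: code=1 (Access-Request), identifier, total length, Request Authenticator
    packet = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + os.urandom(16) + attrs
    # HMAC-MD5 over the whole packet, computed while the field is still zeroed
    mac = hmac.new(shared_key, packet, hashlib.md5).digest()
    return packet[:-16] + mac  # Message-Authenticator was placed last

def verify_access_request(shared_secret, packet):
    """RADIUS server side: True only if the packet was signed with shared_secret."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    pos = 20
    while pos + 2 <= len(packet):
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > len(packet):
            return False  # malformed attribute
        if attr_type == MESSAGE_AUTHENTICATOR and attr_len == 18:
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(shared_secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(packet[pos + 2:pos + 18], expected)
        pos += attr_len
    return False  # EAP request without a Message-Authenticator is discarded

# Constructed sample values (not from the manual)
AP_KEY = b"constructed-shared-secret"
REQUEST = build_access_request(AP_KEY, 7, b"user@example.test", b"ap-client-login")

if __name__ == "__main__":
    print("server secret matches :", verify_access_request(AP_KEY, REQUEST))
    print("server secret differs :", verify_access_request(b"typo-in-secret", REQUEST))
```

On a live network the mismatch case shows up as authentication requests that time out on the access point while the Radius Server logs a dropped or invalid packet from that client.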

8.5 802.1x Server Setup (Windows 2000 Server)

This section describes using Microsoft Internet Authentication Server as the Radius Server, since it is the most common Radius Server available that supports the EAP-TLS authentication method.

The following services on the Windows 2000 Domain Controller (PDC) are also required:
