Psion Teklogix 9160 G2 Benutzerhandbuch
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup
Network Infrastructure And Choosing Between Built-in Or External Authentication Server
Network Infrastructure And Choosing Between Built-in Or External Authentication Server
C-4
Psion Teklogix 9160 G2 Wireless Gateway User Manual
C.1 Network Infrastructure And Choosing Between Built-in Or
External Authentication Server
Network security configurations including Public Key Infrastructures (PKI),
Remote Authentication Dial-in User Server (RADIUS) servers, and Certificate
Authority (CA) can vary a great deal from one organization to the next in terms of
how they provide Authentication, Authorization, and Accounting (AAA). Ulti-
mately, the particulars of your infrastructure will determine how clients should con-
figure security to access the wireless network. Rather than try to predict and address
the details of every possible scenario, this document provides general guidelines
about each type of client configuration supported by the 9160 G2 Wireless Gateway.
Remote Authentication Dial-in User Server (RADIUS) servers, and Certificate
Authority (CA) can vary a great deal from one organization to the next in terms of
how they provide Authentication, Authorization, and Accounting (AAA). Ulti-
mately, the particulars of your infrastructure will determine how clients should con-
figure security to access the wireless network. Rather than try to predict and address
the details of every possible scenario, this document provides general guidelines
about each type of client configuration supported by the 9160 G2 Wireless Gateway.
C.1.1 Using The Built-in Authentication Server (EAP-PEAP)
If you do not have a RADIUS server or PKI infrastructure in place and/or are unfa-
miliar with many of these concepts, we strongly recommend setting up the 9160 G2
Wireless Gateways with security that uses the Built-in Authentication Server on the
AP. This will mean setting up the AP to use either IEEE 802.1x or WPA/WPA2
Enterprise (RADIUS) security mode. (The built-in authentication server uses EAP-
PEAP authentication protocol.)
miliar with many of these concepts, we strongly recommend setting up the 9160 G2
Wireless Gateways with security that uses the Built-in Authentication Server on the
AP. This will mean setting up the AP to use either IEEE 802.1x or WPA/WPA2
Enterprise (RADIUS) security mode. (The built-in authentication server uses EAP-
PEAP authentication protocol.)
•
If the 9160 G2 Wireless Gateway is set up to use IEEE 802.1x mode and the
Built-in Authentication Server, then configure wireless clients as described
in “IEEE 802.1x Client Using EAP/PEAP” on page C-11.
Built-in Authentication Server, then configure wireless clients as described
in “IEEE 802.1x Client Using EAP/PEAP” on page C-11.
•
If the 9160 G2 Wireless Gateway is configured to use WPA/WPA2 Enter-
prise (RADIUS) mode and the Built-in Authentication Server, configure
wireless clients as described in “WPA/WPA2 Enterprise (RADIUS) Client
Using EAP/PEAP” on page C-20.
prise (RADIUS) mode and the Built-in Authentication Server, configure
wireless clients as described in “WPA/WPA2 Enterprise (RADIUS) Client
Using EAP/PEAP” on page C-20.
C.1.2 Using An External RADIUS Server With
EAP-TLS Certificates Or EAP-PEAP
We make the assumption that if you have an external RADIUS server and PKI/CA
setup, you will know how to configure client security options appropriate to your
security infrastructure beyond the fundamental suggestions given here. Topics
covered here that particularly relate to client security configuration in a RADIUS -
PKI environment are:
setup, you will know how to configure client security options appropriate to your
security infrastructure beyond the fundamental suggestions given here. Topics
covered here that particularly relate to client security configuration in a RADIUS -
PKI environment are: