Psion Teklogix 9160 G2 Benutzerhandbuch
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup
Configuring An External RADIUS Server To Recognize The 9160 G2 Wireless Gateway
Configuring An External RADIUS Server To Recognize The 9160 G2 Wireless Gateway
C-30
Psion Teklogix 9160 G2 Wireless Gateway User Manual
Click OK on the Wireless Network Properties dialog to close it and save your changes.
Connecting To The Wireless Network With A WPA-PSK Client
WPA-PSK clients should now be able to associate and authenticate with the access
point. As a client, you will not be prompted for a key. The TKIP or AES key you
configured on the client security settings is automatically used when you connect.
point. As a client, you will not be prompted for a key. The TKIP or AES key you
configured on the client security settings is automatically used when you connect.
C.9 Configuring An External RADIUS Server To Recognize The
9160 G2 Wireless Gateway
An external Remote Authentication Dial-in User Server (RADIUS) running on the
network can support EAP-TLS smart card/certificate distribution to clients in a
Public Key Infrastructure (PKI), as well as EAP-PEAP user account setup and
authentication. By external RADIUS server, we mean an authentication server
external to the access point itself. This is to distinguish between the scenario in
which you use a network RADIUS server versus one in which you use the Built-in
Authentication Server on the 9160 G2 Wireless Gateway.
network can support EAP-TLS smart card/certificate distribution to clients in a
Public Key Infrastructure (PKI), as well as EAP-PEAP user account setup and
authentication. By external RADIUS server, we mean an authentication server
external to the access point itself. This is to distinguish between the scenario in
which you use a network RADIUS server versus one in which you use the Built-in
Authentication Server on the 9160 G2 Wireless Gateway.
This section provides an example of configuring an external RADIUS server for the
purposes of authenticating and authorizing TLS-EAP certificates from wireless
clients of a particular 9160 G2 Wireless Gateway configured for either
“WPA/WPA2 Enterprise (RADIUS)” or “IEEE 802.1x” security modes. The inten-
tion of this section is to provide some idea of what this process will look like; proce-
dures will vary depending on the RADIUS server you use and how you configure it.
For this example, we use the Internet Authentication Service that comes with
Microsoft Windows 2003 server.
purposes of authenticating and authorizing TLS-EAP certificates from wireless
clients of a particular 9160 G2 Wireless Gateway configured for either
“WPA/WPA2 Enterprise (RADIUS)” or “IEEE 802.1x” security modes. The inten-
tion of this section is to provide some idea of what this process will look like; proce-
dures will vary depending on the RADIUS server you use and how you configure it.
For this example, we use the Internet Authentication Service that comes with
Microsoft Windows 2003 server.
Note:
This document does not describe how to set up Administrative users on
the RADIUS server. In this example, we assume you already have
RADIUS server user accounts configured. You will need a RADIUS server
user name and password for both this procedure and the following one
that describes how to obtain and install a certificate on the wireless cli-
ent. Please consult the documentation for your RADIUS server for infor-
mation on setting up user accounts.
the RADIUS server. In this example, we assume you already have
RADIUS server user accounts configured. You will need a RADIUS server
user name and password for both this procedure and the following one
that describes how to obtain and install a certificate on the wireless cli-
ent. Please consult the documentation for your RADIUS server for infor-
mation on setting up user accounts.
Enable IEEE 802.1x authentication
for this network
for this network
Make sure that IEEE 802.1x authentication is disabled (unchecked).
(Setting the encryption mode to WEP should automatically disable authentication.)
Table C.17 Authentication Settings