Gateway 7001 Series User Manual
146
www.gateway.com
Configuring an external RADIUS server to recognize the Gateway 7001 AP
An external Remote Authentication Dial-in User Server (RADIUS) server running on the
network can support of EAP-TLS smart card/certificate distribution to clients in a Public
Key Infrastructure (PKI) as well as EAP-PEAP user account setup and authentication. By
external RADIUS server, we mean an authentication server external to the access point
itself. This is to distinguish between the scenario in which you use a network RADIUS server
versus one in which you use the Built-in Authentication Server on the Gateway 7001 AP.
network can support of EAP-TLS smart card/certificate distribution to clients in a Public
Key Infrastructure (PKI) as well as EAP-PEAP user account setup and authentication. By
external RADIUS server, we mean an authentication server external to the access point
itself. This is to distinguish between the scenario in which you use a network RADIUS server
versus one in which you use the Built-in Authentication Server on the Gateway 7001 AP.
This section provides an example of configuring an external RADIUS server for the purposes
of authenticating and authorizing TLS-EAP certificates from wireless clients of a particular
Gateway 7001 AP configured for either “WPA with RADIUS” or “IEEE 802.1x” security
modes. The intention of this section is to provide some idea of what this process will look
like. Procedures will vary depending on the RADIUS server you use and how you configure
it. For this example, we use the Internet Authentication Service that comes with Microsoft
Windows 2003 server.
of authenticating and authorizing TLS-EAP certificates from wireless clients of a particular
Gateway 7001 AP configured for either “WPA with RADIUS” or “IEEE 802.1x” security
modes. The intention of this section is to provide some idea of what this process will look
like. Procedures will vary depending on the RADIUS server you use and how you configure
it. For this example, we use the Internet Authentication Service that comes with Microsoft
Windows 2003 server.
The purpose of this procedure is to identify your Gateway 7001 AP as a “client” to the
RADIUS server. The RADIUS server can then handle authentication and authorization of
wireless clients for the AP. This procedure is required for each access point. If you have
more than one access point with which you plan to use an external RADIUS server, you
need to follow these steps for each of those APs.
RADIUS server. The RADIUS server can then handle authentication and authorization of
wireless clients for the AP. This procedure is required for each access point. If you have
more than one access point with which you plan to use an external RADIUS server, you
need to follow these steps for each of those APs.
Important
This document does not describe how to set up Administrative users
on the RADIUS server. In this example, we assume you already have
RADIUS server user accounts configured. You will need a RADIUS
server user name and password for both this procedure and the
following one that describes how to obtain and install a certificate on
the wireless client. Consult the documentation for your RADIUS
server for information on setting up user accounts.
on the RADIUS server. In this example, we assume you already have
RADIUS server user accounts configured. You will need a RADIUS
server user name and password for both this procedure and the
following one that describes how to obtain and install a certificate on
the wireless client. Consult the documentation for your RADIUS
server for information on setting up user accounts.