3com 5500-SI Manual De Usuario
658
C
HAPTER
B: RADIUS S
ERVER
AND
RADIUS C
LIENT
S
ETUP
In the example above, Tunnel-Medium-Type has been set to TMT802, to force
FreeRADIUS to treat 802 as a string requiring to be looked up in the dictionary and
return integer 6, rather than return integer 802 which would be the case if
Tunnel-Medium-Type was set to 802.
FreeRADIUS to treat 802 as a string requiring to be looked up in the dictionary and
return integer 6, rather than return integer 802 which would be the case if
Tunnel-Medium-Type was set to 802.
Setting Up the RADIUS
Client
Client
This section covers the following RADIUS clients:
n
n
n
Windows 2000 built-in
client
Windows 2000 requires Service Pack 3 and the IEEE 802.1x client patch for
Windows 2000.
Windows 2000.
1 Downloaded the patches if required from:
http://www.microsoft.com/Downloads/details.aspx?displaylang=en&Famil
yID=6B78EDBE-D3CA-4880-929F-453C695B9637
2 After the updates have been installed, start the Wireless Authentication Service in
Component Services on the Windows 2000 workstation (set the service to startup
type Automatic).
type Automatic).
3 Open the Network and Dial up connections folder, right-click the desired Network
Interface and select Properties.
4 Select the Authentication tab and check Enable Network Access Control using IEEE
802.1x
5 Set Smart Card or Certificate as EAP type and select the previously imported
certificate as shown below.
Windows XP built-in
client
The RADIUS client shipped with Windows XP has a security issue which affects the
port authentication operation. If the RADIUS client is configured to use EAP-MD5,
after a user logs-off, then the next user to log-on will remain authorized with the
original user’s credentials. This occurs because the Microsoft client does not
port authentication operation. If the RADIUS client is configured to use EAP-MD5,
after a user logs-off, then the next user to log-on will remain authorized with the
original user’s credentials. This occurs because the Microsoft client does not