Netgear WFS709TP 사용자 설명서
WFS709TP ProSafe Smart Wireless Switch Software Administration Manual
7-4
Configuring 802.1x Authentication
v1.1, November 2008
In this scenario, the supplicant must be configured for Protected EAP (PEAP), as the WFS709TP
only supports PEAP. PEAP uses Transport Layer Security (TLS) to create an encrypted tunnel.
Within the tunnel, one of the following EAP methods is used:
only supports PEAP. PEAP uses Transport Layer Security (TLS) to create an encrypted tunnel.
Within the tunnel, one of the following EAP methods is used:
•
EAP-Generic Token Card (GTC): Described in RFC 2284, this EAP method permits the
transfer of unencrypted usernames and passwords from client to server. The main uses for
EAP-GTC are one-time token cards such as SecureID and the use of a RADIUS server as the
user authentication server. You can also enable caching of user credentials on the WFS709TP
as a backup to an external authentication server.
transfer of unencrypted usernames and passwords from client to server. The main uses for
EAP-GTC are one-time token cards such as SecureID and the use of a RADIUS server as the
user authentication server. You can also enable caching of user credentials on the WFS709TP
as a backup to an external authentication server.
•
EAP-Microsoft Challenge Authentication Protocol version 2 (MS-CHAPv2): Described in
RFC 2759, this EAP method is widely supported by Microsoft clients. A RADIUS server must
be used as the backend authentication server.
RFC 2759, this EAP method is widely supported by Microsoft clients. A RADIUS server must
be used as the backend authentication server.
If you are using the WFS709TP’s internal database for user authentication, you need to add the
names and passwords of the users to be authenticated. If you are using a RADIUS server for user
authentication, you need to configure the RADIUS server on the WFS709TP.
names and passwords of the users to be authenticated. If you are using a RADIUS server for user
authentication, you need to configure the RADIUS server on the WFS709TP.
Configuring 802.1x Authentication
On the WFS709TP, use the following steps to configure a wireless network that uses 802.1x
authentication:
authentication:
1. Configure the 802.1x RADIUS authentication server.
2. Configure 802.1x authentication. See
3. Configure the VLANs to which the authenticated users will be assigned. See
.
4. Configure the WLAN, specifying the authentication and encryption that matches the wireless
client configuration.
Note: You must install a server certificate in the WFS709TP for AAA FastConnect,
as described in
Note: If you are using EAP-GTC within a PEAP tunnel, you can configure a
RADIUS server as the authentication server. If you are using AAA
FastConnect, you can use a non-802.1x server or the WFS709TP’s internal
database. See
FastConnect, you can use a non-802.1x server or the WFS709TP’s internal
database. See
.