Dell PowerConnect W-IAP3WN Dell Instant 5.0.3.0-1.1.0.0 User Guide - Page 70

External RADIUS Server, Configuring an External RADIUS Server

Page 70 highlights

controller (the client certificate must be signed by a known CA) before the user name is checked on the authentication server.

• EAP-TTLS (MSCHAPv2) - The Extensible Authentication Protocol-Tunneled Transport Layer Security (EAP-TTLS) method uses server-side certificates to set up authentication between clients and servers. However, the actual authentication is performed using passwords.
• EAP-PEAP (MSCHAPv2) - Protected Extensible Authentication Protocol (PEAP) is an 802.1X authentication method that uses server-side public key certificates to authenticate clients with the server. PEAP authentication creates an encrypted SSL/TLS tunnel between the client and the authentication server. The information exchanged is encrypted inside the tunnel, ensuring the user credentials are kept secure.
• LEAP - Lightweight Extensible Authentication Protocol (LEAP) uses dynamic WEP keys for authentication between the client and authentication server.

NOTE: Dell Instant does not ship with any 802.1X server certificate. EAP-TTLS and EAP-PEAP support is not available until the administrator uploads a valid 802.1X server certificate to the Dell Instant network. By default, 802.1X authentication is limited to LEAP only.

NOTE: Dell does not recommend the use of the LEAP authentication method because it does not provide any resistance to network attacks.

External RADIUS Server

In the external RADIUS server, the IP address of the virtual controller is configured as the NAS IP address. Instant RADIUS is implemented on the virtual controller. This feature eliminates the need to configure multiple NAS clients for every IAP on the RADIUS server for client authentication.

Instant RADIUS dynamically forwards authentication requests from a NAS to a remote RADIUS server. The RADIUS server responds to the authentication request with an Access-Accept or Access-Reject message. Users are allowed or denied access to the network depending on the response from the RADIUS server.

Configuring an External RADIUS Server

To configure the external RADIUS server for the wireless network, perform the following steps:

1. In the Network tab, click the network for which you want to configure the external RADIUS server. The edit link for the network appears.
2. Click the edit link. The Edit box for the network appears.
3. Click Next and perform the following tasks in the Security tab:
   1. For a network with Personal or Open security level, select External Radius Server from the MAC Authentication drop-down list.
   2. Click the Primary link and perform the following steps:
      a. Enter the IP address of the external RADIUS server in the IP address text box.
      b. Enter the authorization port number of the external RADIUS server in the Auth Port text box. The port number is set to 1812 by default.
      c. Enter a shared key for communicating with the external RADIUS server in the Shared key text box.
      d. Enter the virtual controller IP address in the NAS IP address text box. The NAS IP address is the virtual controller IP address that is sent in the data packets.
   3. Click the Backup link and set appropriate values for the backup RADIUS server.

70 | Authentication Dell PowerConnect W-Instant Access Point 5.0.3.0-1.1.0.0 | User Guide
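The following Python example is added here and is not part of the Dell guide. It goes beyond the GUI steps to show, per RFC 2865, where the values entered above end up on the wire: the NAS IP address travels as the NAS-IP-Address attribute, and the shared key both hides the User-Password and authenticates the Access-Accept or Access-Reject reply. All function names, the IP address 192.0.2.10 and the key are constructed for illustration.

```python
import hashlib, hmac, os, socket, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4       # RFC 2865 attribute types
VC_IP = "192.0.2.10"               # constructed virtual controller IP (assumption)
SHARED_KEY = b"example-shared-key"  # constructed shared key (assumption)

def attr(attr_type, value):
    """Encode one attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def hide_password(password, shared_key, authenticator):
    """RFC 2865 section 5.2: XOR each 16-byte block with MD5(key + previous block)."""
    # Pad to a multiple of 16 bytes; an empty password still fills one block.
    padded = password + b"\x00" * (-len(password) % 16 or 16 * (not password))
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(shared_key + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        hidden += prev
    return hidden

def build_access_request(ident, user, password, nas_ip, shared_key, authenticator=None):
    """Access-Request as the NAS sends it to the auth port (1812 by default)."""
    authenticator = authenticator or os.urandom(16)
    attrs = (attr(USER_NAME, user)
             + attr(USER_PASSWORD, hide_password(password, shared_key, authenticator))
             + attr(NAS_IP_ADDRESS, socket.inet_aton(nas_ip)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def build_reply(code, ident, request_authenticator, shared_key, attrs=b""):
    """Server side: the Response Authenticator binds the reply to request and key."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    digest = hashlib.md5(header + request_authenticator + attrs + shared_key).digest()
    return header + digest + attrs

def check_reply(reply, request, shared_key):
    """NAS side: accept a reply only if its Response Authenticator verifies."""
    if len(reply) < 20 or int.from_bytes(reply[2:4], "big") != len(reply) or reply[1] != request[1]:
        raise ValueError("malformed or mismatched reply")
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + shared_key).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        raise ValueError("Response Authenticator mismatch: wrong shared key or altered reply")
    return {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject"}.get(reply[0], "other")
```

If the shared key entered in the Shared key text box differs from the one configured on the RADIUS server, every reply fails the check in `check_reply`, and so does an Access-Reject whose code byte has been changed to Access-Accept in transit.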

