Home » Netgear Manuals » Wireless » Netgear WFS709TP » Manual Viewer

Netgear WFS709TP WFS709TP Setup Manual - Page 125

Configuring 802.1x Authentication, 802.1x Authentication - certificate

UPC - 606449052336

Add to My Manuals
Save this manual to your list of manuals

Page 125 highlights

Chapter 7 Configuring 802.1x Authentication 802.1x is an Institute of Electrical and Electronics Engineers (IEEE) standard that provides an authentication framework for wireless LANs (WLANs). 802.1x uses the Extensible Authentication Protocol (EAP) to exchange messages during the authentication process. The authentication protocols that operate inside the 802.1x framework that are suitable for wireless networks include EAP-Transport Layer Security (EAP-TLS), Protected EAP (PEAP), and EAPTunneled TLS (EAP-TTLS). These protocols allow the network to authenticate the client while also allowing the client to authenticate the network. This chapter describes the following topics: • "802.1x Authentication" on page 7-1 • "Configuring 802.1x Authentication" on page 7-4 • "Advanced Configuration Options for 802.1x" on page 7-6 802.1x Authentication 802.1x authentication consists of three components: • The supplicant, or client, is the device attempting to gain access to the network. You can configure your system to support 802.1x authentication for wired users as well as wireless users. • The authenticator is the gatekeeper to the network and permits or denies access to the supplicants. The WFS709TP ProSafe Smart Wireless Switch acts as the authenticator, relaying information between the authentication server and supplicant. The EAP type must be consistent between the authentication server and supplicant and is transparent to the WFS709TP. • The authentication server provides a database of information required for authentication and informs the authenticator to deny or permit access to the supplicant. The 802.1x authentication server is typically an EAP-compliant Remote Access Dial-In User Service (RADIUS) server that can authenticate either users (through passwords or certificates) or the client computer. 7-1 v1.0, June 2007

Section	Page
WFS709TP ProSafe Smart Wireless Switch Software Administration Manual	1
Contents	7
About This Manual	13
Conventions, Formats, and Scope	13
How to Use This Manual	14
How to Print this Manual	14
Revision History	15
Chapter 1 Overview of the WFS709TP	17
WFS709TP System Components	17
NETGEAR ProSafe Access Points	17
WFS709TP ProSafe Switches	21
WFS709TP Software	23
Basic WLAN Configuration	24
Authentication	24
Encryption	26
VLAN	27
Wireless Client Access to the WLAN	29
Association	29
Authentication	30
Client Mobility and AP Association	31
Configuring and Managing the WFS709TP	32
Tools	34
Chapter 2 Deploying a Basic WFS709TP System	37
Configuration Overview	37
Deployment Scenario #1	37
Deployment Scenario #2	38
Deployment Scenario #3	40
Configuring the WFS709TP	41
Run the Initial Setup	42
Configure the Switch for the Access Points	44
Configure a VLAN for Network Connection	46
Connect the WFS709TP to the Network	48
Configure the Loopback for the WFS709TP	49
Deploying APs	50
Enable APs to Connect to the WFS709TP	51
Install APs	54
Provision APs	54
Additional Configuration	56
Chapter 3 Configuring Network Parameters	57
Configuring VLANs	57
Assigning a Static Address to a VLAN	58
Configuring a VLAN to Receive a Dynamic Address	59
Configuring Static Routes	61
Configuring the Loopback IP Address	62
Chapter 4 RF Plan	65
RF Plan Overview	65
Before You Begin	66
Task Overview	66
Planning Requirements	66
Using RF Plan	67
Building List Page	68
Building Specification Overview Page	68
Building Dimension Page	69
AP Modeling Parameters Page	71
AM Modeling Parameters Page	73
Planning Floors Page	74
AP Planning Page	81
AM Planning Page	83
Exporting and Importing Files	84
Locate	85
RF Plan Example	86
Sample Building	86
Create a Building	87
Model the Access Points	88
Model the Air Monitors	89
Add and Edit a Floor	89
Defining Areas	90
Running the AP Plan	93
Running the AM Plan	94
Chapter 5 Configuring WLANS	97
Before You Begin	97
Determine the Authentication Method	98
Determine the Default VLAN	100
Basic WLAN Configuration in the Browser Interface	100
Example Configuration	103
Advanced WLAN Configuration in the Browser Interface	105
Configuring Global Parameters	105
Configuring Location-Specific Parameters	106
Add or Modify SSIDs	106
Configure AP Information	108
Configuring Radio Settings	110
Example Configuration	113
IntelliFi RF Management	115
Channel Setting	115
Power Setting	115
Advantages of Using IRM	115
Configuring IRM	116
Chapter 6 Configuring AAA Servers	119
Configuring an External RADIUS Server	119
Adding Users to the Internal Database	121
Configuring Authentication Timers	122
Chapter 7 Configuring 802.1x Authentication	125
802.1x Authentication	125
Authentication with a RADIUS Server	126
Authentication Terminated on WFS709TP	127
Configuring 802.1x Authentication	128
802.1x Authentication Page	129
Advanced Configuration Options for 802.1x	130
Chapter 8 Configuring the Captive Portal	133
Overview of Captive Portal Functions	133
Configuring Captive Portal	134
Configuring Advanced Captive Portal Options	135
Configuring the AAA Server for Captive Portal	137
Changing the Protocol to HTTP	137
Personalizing the Captive Portal Page	138
Chapter 9 Configuring MAC-Based Authentication	141
Configuring the WFS709TP	141
Configuring Users	142
Chapter 10 Adding Local WFS709TPs	145
Moving to a Multi-Switch Environment	145
Configuring Local WFS709TPs	146
Configuring the Local WFS709TP	146
Configuring L2/L3 Settings	146
Configuring Trusted Ports	147
Configuring APs	147
Rebooting APs	148
Chapter 11 Configuring Redundancy	149
Virtual Router Redundancy Protocol	149
Redundancy Configuration	149
Configuring Local WFS709TP Redundancy	150
Master WFS709TP Redundancy	152
Master-Local WFS709TP Redundancy	153
Chapter 12 Configuring Wireless Intrusion Protection	157
Rogue/Interfering AP Detection	157
Enabling AP Learning	158
Classifying APs	158
Configuring Rogue AP Detection	160
Misconfigured AP Detection	161
Configuring Misconfigured AP Protection	161
Chapter 13 Configuring Management Utilities	163
Configuring Management Users	163
Configuring SNMP	164
SNMP for the WFS709TP	164
SNMP for Access Points	166
SNMP Traps	171
Configuring Logging	174
Creating Guest Accounts	176
Managing Files on the WFS709TP	178
Managing Image Files	179
Backing Up and Restoring the Flash File System	179
Copying Log Files	180
Copying Other Files	180
Installing a Server Certificate	181
Chapter 14 Configuring WFS709TP for Voice	183
Voice over IP Proxy ARP	183
Battery Boost	184
Limiting the Number of Active Voice Calls	185
WPA Fast Handover	186
Appendix A Configuring DHCP with Vendor-Specific Options	187
Overview	187
Windows-Based DHCP Servers	188
Configuring Option 60	188
Configuring Option 43	189
Linux DHCP Servers	190
Appendix B Windows Client Example Configuration for 802.1x	193
Window XP Wireless Client Example Configuration	193
Appendix C Internal Captive Portal	201
Creating a New Internal Web Page	201
Basic HTML Example	203
Installing a New Captive Portal Page	204
Displaying Authentication Error Message	204
Language Customization	206
Customizing the Welcome Page	212
Customizing the Pop-Up Box	214
Customizing the Logged Out Box	215
Appendix D Related Documents	217

Match case Limit results 1 per page

7-1

v1.0, June 2007

Chapter 7

Configuring 802.1x Authentication

802.1x is an Institute of Electrical and Electronics Engineers (IEEE) standard that provides an

authentication framework for wireless LANs (WLANs). 802.1x uses the Extensible

Authentication Protocol (EAP) to exchange messages during the authentication process. The

authentication protocols that operate inside the 802.1x framework that are suitable for wireless

networks include EAP-Transport Layer Security (EAP-TLS), Protected EAP (PEAP), and EAP-

Tunneled TLS (EAP-TTLS). These protocols allow the network to authenticate the client while

also allowing the client to authenticate the network.

This chapter describes the following topics:

•

“802.1x Authentication” on page 7-1

•

“Configuring 802.1x Authentication” on page 7-4

•

“Advanced Configuration Options for 802.1x” on page 7-6

802.1x Authentication

802.1x authentication consists of three components:

•

The

supplicant

, or client, is the device attempting to gain access to the network. You can

configure your system to support 802.1x authentication for wired users as well as wireless

users.

•

The

authenticator

is the gatekeeper to the network and permits or denies access to the

supplicants. The WFS709TP ProSafe Smart Wireless Switch acts as the authenticator, relaying

information between the authentication server and supplicant. The EAP type must be

consistent between the authentication server and supplicant and is transparent to the

WFS709TP.

•

The

authentication serve

r provides a database of information required for authentication and

informs the authenticator to deny or permit access to the supplicant.

The 802.1x authentication server is typically an EAP-compliant Remote Access Dial-In User

Service (RADIUS) server that can authenticate either users (through passwords or certificates)

or the client computer.