Netgear WFS709TP WFS709TP Setup Manual - Page 128
Configuring 802.1x Authentication, EAP-Generic Token Card GTC: Described in RFC 2284
UPC - 606449052336
View all Netgear WFS709TP manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 128 highlights
WFS709TP ProSafe Smart Wireless Switch Software Administration Manual In this scenario, the supplicant must be configured for Protected EAP (PEAP), as the WFS709TP only supports PEAP. PEAP uses Transport Layer Security (TLS) to create an encrypted tunnel. Within the tunnel, one of the following EAP methods is used: • EAP-Generic Token Card (GTC): Described in RFC 2284, this EAP method permits the transfer of unencrypted usernames and passwords from client to server. The main uses for EAP-GTC are one-time token cards such as SecureID and the use of an LDAP or RADIUS server as the user authentication server. You can also enable caching of user credentials on the WFS709TP as a backup to an external authentication server. • EAP-Microsoft Challenge Authentication Protocol version 2 (MS-CHAPv2): Described in RFC 2759, this EAP method is widely supported by Microsoft clients. A RADIUS server must be used as the backend authentication server. Note: You must install a server certificate in the WFS709TP for AAA FastConnect, as described in "Installing a Server Certificate" on page 13-19. If you are using the WFS709TP's internal database for user authentication, you need to add the names and passwords of the users to be authenticated. If you are using an LDAP server for user authentication, you need to configure the LDAP server on the WFS709TP, and configure user IDs and passwords. If you are using a RADIUS server for user authentication, you need to configure the RADIUS server on the WFS709TP. Configuring 802.1x Authentication On the WFS709TP, use the following steps to configure a wireless network that uses 802.1x authentication: 1. Configure the 802.1x RADIUS authentication server. Note: If you are using EAP-GTC within a PEAP tunnel, you can configure either an LDAP or a RADIUS server as the authentication server. If you are using AAA FastConnect, you can use a non-802.1x server or the WFS709TP's internal database. See Chapter 6, "Configuring AAA Servers". 2. Configure 802.1x authentication. See "802.1x Authentication Page" on page 7-5. 3. Configure the VLANs to which the authenticated users will be assigned. See Chapter 3, "Configuring Network Parameters". 7-4 Configuring 802.1x Authentication v1.0, June 2007