Home » Netgear Manuals » Wireless » Netgear WFS709TP » Manual Viewer

Netgear WFS709TP WFS709TP Setup Manual - Page 98

Determine the Authentication Method, Table 5-1., Authentication Methods - portal

UPC - 606449052336

Add to My Manuals
Save this manual to your list of manuals

Page 98 highlights

WFS709TP ProSafe Smart Wireless Switch Software Administration Manual Determine the Authentication Method A user must authenticate to the system in order to access WLAN resources. Table 5-1 describes the types of authentication that you can configure for a WLAN. Table 5-1. Authentication Methods Method Description None (also called open system authentication) This is the default authentication protocol. The client's identity, in the form of the media access control (MAC) address of the wireless adapter in the wireless client, is passed to the WFS709TP. Essentially, any client requesting access to the WLAN is authenticated. IEEE 802.1x The IEEE 802.1x authentication standard allows for the use of keys that are dynamically generated on a per-user basic (as opposed to a static key that is the same on all devices in the network). The 802.1x standard requires the use of a RADIUS authentication server. Most Lightweight Directory Access Protocol (LDAP) servers do not support 802.1x. Wi-Fi Protected Access (WPA) WPA implements most of the IEEE 802.11i standard. It is designed for use with an 802.1x authentication server (the Wi-Fi Alliance refers to this mode as WPAEnterprise). WPA uses the Temporal Key Integrity Protocol (TKIP) to dynamically change keys and RC4 stream cipher to encrypt data. WPA in pre-shared key (PSK) mode (WPA-PSK) With WPA-PSK, all clients use the same key (the Wi-Fi Alliance refers to this mode as WPA-Personal). In PSK mode, users must enter a passphrase from 8-63 characters to access the network. PSK is intended for home and small office networks where operating an 802.1x authentication server is not practical. WPA2 WPA2 implements the full IEEE 802.11i standard. In addition to WPA features, WPA2 provides Counter Mode with Cipher Blocking Chaining Message Authentication Code Protocol (CCMP) for encryption that uses the Advanced Encryption Standard (AES) algorithm. (The Wi-Fi Alliance refers to this mode as WPA2-Enterprise.) WPA2-PSK WPA2-PSK is WPA2 used in PSK mode, where all clients use the same key. (The Wi-Fi Alliance refers to this mode as WPA2-Personal.) Captive Portal Captive Portal allows users to authenticate using a web-based portal. Captive Portal users can be authenticated to an external authentication server or to the internal database on the WFS709TP. Captive Portal authentication does not provide any type of data encryption beyond the SSL encryption used during the authentication. You can configure WEP encryption or WPA-PSK, or WPA2-PSK authentication in conjunction with Captive Portal. MAC Allows the media access control (MAC) address of a device to be authenticated to an external authentication server or to the internal database on the WFS709TP. You can configure MAC authentication in conjunction with WPAPSK or WPA2-PSK authentication. 5-2 Configuring WLANS v1.0, June 2007

Section	Page
WFS709TP ProSafe Smart Wireless Switch Software Administration Manual	1
Contents	7
About This Manual	13
Conventions, Formats, and Scope	13
How to Use This Manual	14
How to Print this Manual	14
Revision History	15
Chapter 1 Overview of the WFS709TP	17
WFS709TP System Components	17
NETGEAR ProSafe Access Points	17
WFS709TP ProSafe Switches	21
WFS709TP Software	23
Basic WLAN Configuration	24
Authentication	24
Encryption	26
VLAN	27
Wireless Client Access to the WLAN	29
Association	29
Authentication	30
Client Mobility and AP Association	31
Configuring and Managing the WFS709TP	32
Tools	34
Chapter 2 Deploying a Basic WFS709TP System	37
Configuration Overview	37
Deployment Scenario #1	37
Deployment Scenario #2	38
Deployment Scenario #3	40
Configuring the WFS709TP	41
Run the Initial Setup	42
Configure the Switch for the Access Points	44
Configure a VLAN for Network Connection	46
Connect the WFS709TP to the Network	48
Configure the Loopback for the WFS709TP	49
Deploying APs	50
Enable APs to Connect to the WFS709TP	51
Install APs	54
Provision APs	54
Additional Configuration	56
Chapter 3 Configuring Network Parameters	57
Configuring VLANs	57
Assigning a Static Address to a VLAN	58
Configuring a VLAN to Receive a Dynamic Address	59
Configuring Static Routes	61
Configuring the Loopback IP Address	62
Chapter 4 RF Plan	65
RF Plan Overview	65
Before You Begin	66
Task Overview	66
Planning Requirements	66
Using RF Plan	67
Building List Page	68
Building Specification Overview Page	68
Building Dimension Page	69
AP Modeling Parameters Page	71
AM Modeling Parameters Page	73
Planning Floors Page	74
AP Planning Page	81
AM Planning Page	83
Exporting and Importing Files	84
Locate	85
RF Plan Example	86
Sample Building	86
Create a Building	87
Model the Access Points	88
Model the Air Monitors	89
Add and Edit a Floor	89
Defining Areas	90
Running the AP Plan	93
Running the AM Plan	94
Chapter 5 Configuring WLANS	97
Before You Begin	97
Determine the Authentication Method	98
Determine the Default VLAN	100
Basic WLAN Configuration in the Browser Interface	100
Example Configuration	103
Advanced WLAN Configuration in the Browser Interface	105
Configuring Global Parameters	105
Configuring Location-Specific Parameters	106
Add or Modify SSIDs	106
Configure AP Information	108
Configuring Radio Settings	110
Example Configuration	113
IntelliFi RF Management	115
Channel Setting	115
Power Setting	115
Advantages of Using IRM	115
Configuring IRM	116
Chapter 6 Configuring AAA Servers	119
Configuring an External RADIUS Server	119
Adding Users to the Internal Database	121
Configuring Authentication Timers	122
Chapter 7 Configuring 802.1x Authentication	125
802.1x Authentication	125
Authentication with a RADIUS Server	126
Authentication Terminated on WFS709TP	127
Configuring 802.1x Authentication	128
802.1x Authentication Page	129
Advanced Configuration Options for 802.1x	130
Chapter 8 Configuring the Captive Portal	133
Overview of Captive Portal Functions	133
Configuring Captive Portal	134
Configuring Advanced Captive Portal Options	135
Configuring the AAA Server for Captive Portal	137
Changing the Protocol to HTTP	137
Personalizing the Captive Portal Page	138
Chapter 9 Configuring MAC-Based Authentication	141
Configuring the WFS709TP	141
Configuring Users	142
Chapter 10 Adding Local WFS709TPs	145
Moving to a Multi-Switch Environment	145
Configuring Local WFS709TPs	146
Configuring the Local WFS709TP	146
Configuring L2/L3 Settings	146
Configuring Trusted Ports	147
Configuring APs	147
Rebooting APs	148
Chapter 11 Configuring Redundancy	149
Virtual Router Redundancy Protocol	149
Redundancy Configuration	149
Configuring Local WFS709TP Redundancy	150
Master WFS709TP Redundancy	152
Master-Local WFS709TP Redundancy	153
Chapter 12 Configuring Wireless Intrusion Protection	157
Rogue/Interfering AP Detection	157
Enabling AP Learning	158
Classifying APs	158
Configuring Rogue AP Detection	160
Misconfigured AP Detection	161
Configuring Misconfigured AP Protection	161
Chapter 13 Configuring Management Utilities	163
Configuring Management Users	163
Configuring SNMP	164
SNMP for the WFS709TP	164
SNMP for Access Points	166
SNMP Traps	171
Configuring Logging	174
Creating Guest Accounts	176
Managing Files on the WFS709TP	178
Managing Image Files	179
Backing Up and Restoring the Flash File System	179
Copying Log Files	180
Copying Other Files	180
Installing a Server Certificate	181
Chapter 14 Configuring WFS709TP for Voice	183
Voice over IP Proxy ARP	183
Battery Boost	184
Limiting the Number of Active Voice Calls	185
WPA Fast Handover	186
Appendix A Configuring DHCP with Vendor-Specific Options	187
Overview	187
Windows-Based DHCP Servers	188
Configuring Option 60	188
Configuring Option 43	189
Linux DHCP Servers	190
Appendix B Windows Client Example Configuration for 802.1x	193
Window XP Wireless Client Example Configuration	193
Appendix C Internal Captive Portal	201
Creating a New Internal Web Page	201
Basic HTML Example	203
Installing a New Captive Portal Page	204
Displaying Authentication Error Message	204
Language Customization	206
Customizing the Welcome Page	212
Customizing the Pop-Up Box	214
Customizing the Logged Out Box	215
Appendix D Related Documents	217

Match case Limit results 1 per page

WFS709TP ProSafe Smart Wireless Switch Software Administration Manual

5-2

Configuring WLANS

v1.0, June 2007

Determine the Authentication Method

A user must authenticate to the system in order to access WLAN resources.

Table 5-1

describes the

types of authentication that you can configure for a WLAN.

Table 5-1.

Authentication Methods

Method

Description

None (also called open

system authentication)

This is the default authentication protocol. The client’s identity, in the form of the

media access control (MAC) address of the wireless adapter in the wireless

client, is passed to the WFS709TP. Essentially, any client requesting access to

the WLAN is authenticated.

IEEE 802.1x

The IEEE 802.1x authentication standard allows for the use of keys that are

dynamically generated on a per-user basic (as opposed to a static key that is the

same on all devices in the network).

The 802.1x standard requires the use of a RADIUS authentication server. Most

Lightweight Directory Access Protocol (LDAP) servers do not support 802.1x.

Wi-Fi Protected Access

(WPA)

WPA implements most of the IEEE 802.11i standard. It is designed for use with

an 802.1x authentication server (the Wi-Fi Alliance refers to this mode as WPA-

Enterprise). WPA uses the Temporal Key Integrity Protocol (TKIP) to dynamically

change keys and RC4 stream cipher to encrypt data.

WPA in pre-shared key

(PSK) mode (WPA-PSK)

With WPA-PSK, all clients use the same key (the Wi-Fi Alliance refers to this

mode as WPA-Personal).

In PSK mode, users must enter a passphrase from 8-63 characters to access

the network. PSK is intended for home and small office networks where

operating an 802.1x authentication server is not practical.

WPA2

WPA2 implements the full IEEE 802.11i standard. In addition to WPA features,

WPA2 provides Counter Mode with Cipher Blocking Chaining Message

Authentication Code Protocol (CCMP) for encryption that uses the Advanced

Encryption Standard (AES) algorithm. (The Wi-Fi Alliance refers to this mode as

WPA2-Enterprise.)

WPA2-PSK

WPA2-PSK is WPA2 used in PSK mode, where all clients use the same key.

(The Wi-Fi Alliance refers to this mode as WPA2-Personal.)

Captive Portal

Captive Portal allows users to authenticate using a web-based portal. Captive

Portal users can be authenticated to an external authentication server or to the

internal database on the WFS709TP. Captive Portal authentication does not

provide any type of data encryption beyond the SSL encryption used during the

authentication. You can configure WEP encryption or WPA-PSK, or WPA2-PSK

authentication in conjunction with Captive Portal.

MAC

Allows the media access control (MAC) address of a device to be authenticated

to an external authentication server or to the internal database on the

WFS709TP. You can configure MAC authentication in conjunction with WPA-

PSK or WPA2-PSK authentication.