D-Link DWL-2210AP Product Manual - Page 131
Network Infrastructure and Choosing Between Built-in or External, Authentication Server
View all D-Link DWL-2210AP manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 131 highlights
Appendix A: Configuring Security Settings on Wireless Clients • Configuring an External RADIUS Server to Recognize the D-Link DWL-2210AP • Obtaining a TLS-EAP Certificate for a Client Network Infrastructure and Choosing Between Built-in or External Authentication Server Network security configurations including Public Key Infrastructures (PKI), Remote Authentication Dial-in User Server (RADIUS) servers, and Certificate Authority (CA) can vary a great deal from one organization to the next in terms of how they provide Authentication, Authorization, and Accounting (AAA). Ultimately, the particulars of your infrastructure will determine how clients should configure security to access the wireless network. Rather than try to predict and address the details of every possible scenario, this document provides general guidelines about each type of client configuration supported by the D-Link DWL-2210AP. I Want to Use the Built-in Authentication Server (EAP-PEAP) If you do not have a RADIUS server or PKI infrastructure in place and/or are unfamiliar with many of these concepts, we strongly recommend setting up the D-Link DWL-2210APs with security that uses the Built-in Authentication Server on the AP. This will mean setting up the AP to use either IEEE 802.1x or WPA with RADIUS security mode. (The built-in authentication server uses EAP-PEAP authentication protocol.) • If the D-Link DWL-2210AP is set up to use IEEE 802.1x mode and the Built-in Authentication Server, then configure wireless clients as described in "IEEE 802.1x Client Using EAP/PEAP" in this manual. • If the D-Link DWL-2210AP is configured to use WPA with RADIUS mode and the Built-in Authentication Server, configure wireless clients as described in "WPA with RADIUS Client Using EAP/PEAP" in this manual. I Want to Use an External RADIUS Server with EAP-TLS Certificates or EAP-PEAP We make the assumption that if you have an external RADIUS server and PKI/CA setup, you will know how to configure client security options appropriate to your security infrastructure beyond the fundamental suggestions given here. Topics covered here that particularly relate to client security configuration in a RADIUS - PKI environment are: • "IEEE 802.1x Client Using EAP/TLS Certificate" in this manual. • "WPA with RADIUS Client Using EAP-TLS Certificate" in this manual. • "Configuring an External RADIUS Server to Recognize the D-Link DWL-2210AP" in this manual. • "Obtaining a TLS-EAP Certificate for a Client" in this manual. Details on how to configure an EAP-PEAP client with an external RADIUS server are not covered in this document. 131