D-Link DWL-8500AP Product Manual - Page 113

WPA/WPA2 Enterprise (RADIUS) Client Using EAP-TLS Certificate, Properties, Con

Page 113 highlights

A Wireless Client Settings and RADIUS Server Setup

Configuring WPA/WPA2 Enterprise (RADIUS)

2. Configure the following settings on the Association and Authentication tabs on the Network Properties dialog.

   Network Authentication: WPA
   Data Encryption: TKIP or AES, depending on how this option is configured on the access point.

   Note: When the Cipher Suite on the access point is set to "Both", TKIP clients with a valid TKIP key and AES clients with a valid CCMP (AES) key can associate with the access point. For more information, see Administrators Guide and Online Help on the access point.

3. Configure this setting on the Authentication tab.

   EAP Type: Choose "Protected EAP (PEAP)"

4. Click Properties to bring up the Protected EAP Properties dialog and configure the following settings.

   Validate Server Certificate: Disable this option (click to uncheck the box).

   Note: This example assumes you are using the Built-in Authentication server on the AP. If you are setting up EAP/PEAP on a client of an AP that is using an external RADIUS server, you might enable certificate validation and choose a certificate, depending on your infrastructure.

   Select Authentication Method: Choose "Secured password (EAP-MSCHAP v2)"

5. Click Configure to bring up the EAP MSCHAP v2 Properties dialog. On this dialog, disable (click to uncheck) the option to "Automatically use my Windows login name..." so that upon login you will be prompted for user name and password.

6. Click OK on all dialogs (starting with the EAP MSCHAP v2 Properties dialog) to close and save your changes.

"WPA/WPA2 Enterprise (RADIUS)" PEAP clients should now be able to associate with the access point. Client users will be prompted for a user name and password to authenticate with the network.

WPA/WPA2 Enterprise (RADIUS) Client Using EAP-TLS Certificate

Extensible Authentication Protocol (EAP) Transport Layer Security (TLS), or EAP-TLS, is an authentication protocol that supports the use of smart cards and certificates. You have the option of using EAP-TLS with both WPA/WPA2 Enterprise (RADIUS) and IEEE 802.1X modes if you have an external RADIUS server on the network to support it.

If you want to use IEEE 802.1X mode with EAP-TLS certificates for authentication and authorization of clients, you must have an external RADIUS server and a Public Key Authority Infrastructure (PKI), including a Certificate Authority (CA) server, configured on your network. It is beyond the scope of this document to describe the configuration of the RADIUS server, PKI, and CA server. Consult the documentation for those products.

For more information about Microsoft Windows PKI software, see the Microsoft Web site: http://support.microsoft.com.
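An added example, not part of the D-Link manual: a Python check that reads a Windows WLAN profile and reports the PEAP client settings from steps 2 to 5, flagging a profile whose server certificate validation is switched off. It assumes the profile was exported to XML with `netsh wlan export profile`; the sample is constructed and simplified, and only the element names the code reads matter.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified sample in the shape of an exported WLAN profile
# for the PEAP client configured in steps 2-5 (not a real export).
SAMPLE_PROFILE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>example-ssid</name>
  <MSM><security>
    <authEncryption>
      <authentication>WPA</authentication>
      <encryption>TKIP</encryption>
      <useOneX>true</useOneX>
    </authEncryption>
    <OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><EAPConfig>
      <Eap><Type>25</Type><EapType>
        <Eap><Type>26</Type><EapType>
          <UseWinLogonCredentials>false</UseWinLogonCredentials>
        </EapType></Eap>
        <PeapExtensions>
          <PerformServerValidation>false</PerformServerValidation>
        </PeapExtensions>
      </EapType></Eap>
    </EAPConfig></OneX>
  </security></MSM>
</WLANProfile>"""

EAP_NAMES = {"13": "EAP-TLS", "25": "PEAP", "26": "EAP-MSCHAP v2"}

def audit_profile(xml_text):
    """Return the profile's auth settings plus findings for the PEAP step."""
    first, eap_chain = {}, []
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]          # drop the XML namespace
        text = (el.text or "").strip()
        if name == "Type":                        # outer method, then inner
            label = EAP_NAMES.get(text, text)
            if label not in eap_chain:
                eap_chain.append(label)
        else:
            first.setdefault(name, text)          # keep first occurrence
    report = {
        "profile": first.get("name"),
        "authentication": first.get("authentication"),
        "encryption": first.get("encryption"),
        "eap_chain": eap_chain,
        "server_validation": first.get("PerformServerValidation"),
        "auto_windows_login": first.get("UseWinLogonCredentials"),
    }
    report["findings"] = []
    if "PEAP" in eap_chain and report["server_validation"] == "false":
        report["findings"].append("PEAP server certificate validation is disabled")
    return report
```
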

