Dell PowerConnect W-IAP92 Dell Instant 6.2.0.0-3.2.0.0 User Guide - Page 112
Internal RADIUS Server, Authentication Terminated on W-IAP
View all Dell PowerConnect W-IAP92 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 112 highlights
Internal RADIUS Server Each W-IAP has an instance of Free RADIUS server operating locally. When you enable the Internal RADIUS server option for the network, the authenticator on the W-IAP sends a RADIUS packet to the local IP address. The Internal RADIUS server listens and replies to the RADIUS packet. The following authentication methods are supported in Dell W-Instant network: l EAP-TLS- The Extensible Authentication Protocol- Transport Layer Security method supports the termination of EAP-TLS security using the internal RADIUS server. The EAPTLS requires both server and certification authority (CA) certificates installed onto the WIAP.The client certificate is verified on the Virtual Controller (the client certificate must be signed by a known CA) before the user name is checked on the authentication server. l EAP-TTLS (MSCHAPv2)- The Extensible Authentication Protocol-Tunneled Transport Layer Security (EAP-TTLS) method uses server-side certificates to set up authentication between clients and servers. However, the actual authentication is performed using passwords. l EAP-PEAP (MSCHAPv2)- Protected Extensible Authentication Protocol (PEAP) is an 802.1X authentication method that uses server-side public key certificates to authenticate clients with server. The PEAP authentication creates an encrypted SSL / TLS tunnel between the client and the authentication server. Exchange of information is encrypted and stored in the tunnel ensuring the user credentials are kept secure. l LEAP- Lightweight Extensible Authentication Protocol (LEAP) uses dynamic WEP keys for authentication between the client and authentication server. NOTE: Dell does not recommend to use the LEAP authentication method because it does not provide any resistance to network attacks. External RADIUS Server In the external RADIUS server, the IP address of the Virtual Controller is configured as the NAS IP address. Instant RADIUS is implemented on the Virtual Controller, and this feature eliminates the need to configure multiple NAS clients for every W-IAP on the RADIUS server for client authentication. Instant RADIUS dynamically forwards all the authentication requests from a NAS to a remote RADIUS server. The RADIUS server responds to the authentication request with an Access-Accept or Access-Reject message, and users are allowed or denied access to the network depending on the response from the RADIUS server. When you enable the external RADIUS server option for the network, the authenticator on the W-IAP sends a RADIUS packet to the local IP address. The external RADIUS server then listens and responds to the RADIUS packet. The following authentication methods are supported in Dell W-Instant network: Authentication Terminated on W-IAP Dell W-Instant allows EAP termination for PEAP-GTC and PEAP-MSCHAV2. PEAP-GTC termination allows authorization against an LDAP server and external RADIUS server while PEAPMSCHAV2 allows authorization against an external RADIUS server. This allows users to run PEAP-GTC termination with their own username and password to a local Microsoft Active Directory server with LDAP authentication. The following EAP-Type methods are described below: 112 | Authentication Dell PowerConnect W-Series Instant Access Point 6.2.0.0-3.2.0.0 | User Guide