Dell W-Series 277 Instant 6.4.3.1-4.2 User Guide - Page 159
Authentication Termination on W-IAP, Configuring Authentication Servers, Internal RADIUS Server
![]() |
View all Dell W-Series 277 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 159 highlights
Authentication Termination on W-IAP W-IAPs support EAP termination for enterprise WLAN SSIDs. The EAP termination can reduce the number of exchange packets between the W-IAP and the authentication servers. Instant allows Extensible Authentication Protocol (EAP) termination for Protected Extensible Authentication Protocol (PEAP)-Generic Token Card (PEAPGTC) and Protected Extensible Authentication Protocol-Microsoft Challenge Authentication Protocol version 2 (PEAP-MSCHAV2). PEAP-GTC termination allows authorization against an Lightweight Directory Access Protocol (LDAP) server and external RADIUS server while PEAP-MSCHAV2 allows authorization against an external RADIUS server. This allows the users to run PEAP-GTC termination with their username and password to a local Microsoft Active Directory server with LDAP authentication. l EAP-Generic Token Card (GTC)- This EAP method permits the transfer of unencrypted usernames and passwords from client to server. The main uses for EAP-GTC are one-time token cards such as SecureID and the use of LDAP or RADIUS as the user authentication server. You can also enable caching of user credentials on the W-IAP to an external authentication server for user data backup. l EAP-Microsoft Challenge Authentication Protocol version 2 (MS-CHAPv2)- This EAP method is widely supported by Microsoft clients. A RADIUS server must be used as the back-end authentication server. Configuring Authentication Servers This section describes the following procedures: l Configuring an External Server for Authentication on page 164 l Enabling RADIUS Communication over TLS on page 169 l Configuring Dynamic RADIUS Proxy Parameters on page 171 Supported Authentication Servers Based on the security requirements, you can configure internal or external authentication servers. This section describes the types of servers that can be configured for client authentication: l Internal RADIUS Server on page 159 l External RADIUS Server on page 160 l Dynamic Load Balancing between Two Authentication Servers on page 164 In 6.4.0.2-4.1 release, you can configure TACACS+ server for authenticating management users. For more information, on management users and TACACS+ server based authentication, see Configuring Authentication Parameters for Management Users . Internal RADIUS Server Each W-IAP has an instance of free RADIUS server operating locally. When you enable the internal RADIUS server option for the network, the client on the W-IAP sends a RADIUS packet to the local IP address. The internal RADIUS server listens and replies to the RADIUS packet. Instant serves as a RADIUS server for 802.1X authentication. However, the internal RADIUS server can also be configured as a backup RADIUS server for an external RADIUS server. 159 | Authentication and User Management Dell Networking W-Series Instant 6.4.3.1-4.2.0.0 | User Guide
![](/manual_guide/products/dell-wseries-277-instant-643142-user-guide-05f1cf7/159.png)