Home » Netgear Manuals » Wireless » Netgear WFS709TP » Manual Viewer

Netgear WFS709TP WFS709TP Setup Manual - Page 30

Authentication, Captive Portal

UPC - 606449052336

Add to My Manuals
Save this manual to your list of manuals

Page 30 highlights

WFS709TP ProSafe Smart Wireless Switch Software Administration Manual The client determines which AP is best for connecting to the WLAN and attempts to associate with it. During the association exchange, the client and WFS709TP negotiate the data rate, authentication method, and other options. Note: Because an AP connected to a WFS709TP is a Thin AP, all wireless traffic it receives is immediately sent through a GRE tunnel to the WFS709TP. The WFS709TP responds to client requests and communicates with an authentication server on behalf of the client. Therefore, the client authentication and association processes occur between the wireless client and the WFS709TP. Authentication Authentication provides a way to identify a user and provide appropriate access to the network for that user. One or more authentication methods may be used, ranging from secure authentication methods such as 802.1x and captive portal to less secure methods such as MAC address authentication. 802.1x Authentication 802.1x is an IEEE standard used for authenticating clients on any IEEE 802 network. It is an open authentication framework, allowing multiple authentication protocols to operate within the framework. 802.1x operates as a Layer 2 protocol. Successful 802.1x authentication must complete before any higher-layer communication with the network, such as a DHCP exchange to obtain an IP address, is allowed. 802.1x is key-generating, which means that the output of the authentication process can be used to assign dynamic per-user encryption keys. While the configuration of 802.1x authentication on the WFS709TP is fairly simple, 802.1x can require significant work in configuring an external authentication server and wireless client devices. Captive Portal Captive Portal allows a wireless client to authenticate using a web-based portal. Captive portals are typically used in public access wireless hotspots or for hotel in-room Internet access. After a user associates to the wireless network, their device is assigned an IP address. The user must start a web browser and pass an authentication check before access to the network is granted. Captive portal authentication is the simplest form of authentication to use and requires no software installation or configuration on the client. The username/password exchange is encrypted using standard SSL encryption. However, portal authentication does not provide any form of encryption 1-14 v1.0, June 2007 Overview of the WFS709TP

Section	Page
WFS709TP ProSafe Smart Wireless Switch Software Administration Manual	1
Contents	7
About This Manual	13
Conventions, Formats, and Scope	13
How to Use This Manual	14
How to Print this Manual	14
Revision History	15
Chapter 1 Overview of the WFS709TP	17
WFS709TP System Components	17
NETGEAR ProSafe Access Points	17
WFS709TP ProSafe Switches	21
WFS709TP Software	23
Basic WLAN Configuration	24
Authentication	24
Encryption	26
VLAN	27
Wireless Client Access to the WLAN	29
Association	29
Authentication	30
Client Mobility and AP Association	31
Configuring and Managing the WFS709TP	32
Tools	34
Chapter 2 Deploying a Basic WFS709TP System	37
Configuration Overview	37
Deployment Scenario #1	37
Deployment Scenario #2	38
Deployment Scenario #3	40
Configuring the WFS709TP	41
Run the Initial Setup	42
Configure the Switch for the Access Points	44
Configure a VLAN for Network Connection	46
Connect the WFS709TP to the Network	48
Configure the Loopback for the WFS709TP	49
Deploying APs	50
Enable APs to Connect to the WFS709TP	51
Install APs	54
Provision APs	54
Additional Configuration	56
Chapter 3 Configuring Network Parameters	57
Configuring VLANs	57
Assigning a Static Address to a VLAN	58
Configuring a VLAN to Receive a Dynamic Address	59
Configuring Static Routes	61
Configuring the Loopback IP Address	62
Chapter 4 RF Plan	65
RF Plan Overview	65
Before You Begin	66
Task Overview	66
Planning Requirements	66
Using RF Plan	67
Building List Page	68
Building Specification Overview Page	68
Building Dimension Page	69
AP Modeling Parameters Page	71
AM Modeling Parameters Page	73
Planning Floors Page	74
AP Planning Page	81
AM Planning Page	83
Exporting and Importing Files	84
Locate	85
RF Plan Example	86
Sample Building	86
Create a Building	87
Model the Access Points	88
Model the Air Monitors	89
Add and Edit a Floor	89
Defining Areas	90
Running the AP Plan	93
Running the AM Plan	94
Chapter 5 Configuring WLANS	97
Before You Begin	97
Determine the Authentication Method	98
Determine the Default VLAN	100
Basic WLAN Configuration in the Browser Interface	100
Example Configuration	103
Advanced WLAN Configuration in the Browser Interface	105
Configuring Global Parameters	105
Configuring Location-Specific Parameters	106
Add or Modify SSIDs	106
Configure AP Information	108
Configuring Radio Settings	110
Example Configuration	113
IntelliFi RF Management	115
Channel Setting	115
Power Setting	115
Advantages of Using IRM	115
Configuring IRM	116
Chapter 6 Configuring AAA Servers	119
Configuring an External RADIUS Server	119
Adding Users to the Internal Database	121
Configuring Authentication Timers	122
Chapter 7 Configuring 802.1x Authentication	125
802.1x Authentication	125
Authentication with a RADIUS Server	126
Authentication Terminated on WFS709TP	127
Configuring 802.1x Authentication	128
802.1x Authentication Page	129
Advanced Configuration Options for 802.1x	130
Chapter 8 Configuring the Captive Portal	133
Overview of Captive Portal Functions	133
Configuring Captive Portal	134
Configuring Advanced Captive Portal Options	135
Configuring the AAA Server for Captive Portal	137
Changing the Protocol to HTTP	137
Personalizing the Captive Portal Page	138
Chapter 9 Configuring MAC-Based Authentication	141
Configuring the WFS709TP	141
Configuring Users	142
Chapter 10 Adding Local WFS709TPs	145
Moving to a Multi-Switch Environment	145
Configuring Local WFS709TPs	146
Configuring the Local WFS709TP	146
Configuring L2/L3 Settings	146
Configuring Trusted Ports	147
Configuring APs	147
Rebooting APs	148
Chapter 11 Configuring Redundancy	149
Virtual Router Redundancy Protocol	149
Redundancy Configuration	149
Configuring Local WFS709TP Redundancy	150
Master WFS709TP Redundancy	152
Master-Local WFS709TP Redundancy	153
Chapter 12 Configuring Wireless Intrusion Protection	157
Rogue/Interfering AP Detection	157
Enabling AP Learning	158
Classifying APs	158
Configuring Rogue AP Detection	160
Misconfigured AP Detection	161
Configuring Misconfigured AP Protection	161
Chapter 13 Configuring Management Utilities	163
Configuring Management Users	163
Configuring SNMP	164
SNMP for the WFS709TP	164
SNMP for Access Points	166
SNMP Traps	171
Configuring Logging	174
Creating Guest Accounts	176
Managing Files on the WFS709TP	178
Managing Image Files	179
Backing Up and Restoring the Flash File System	179
Copying Log Files	180
Copying Other Files	180
Installing a Server Certificate	181
Chapter 14 Configuring WFS709TP for Voice	183
Voice over IP Proxy ARP	183
Battery Boost	184
Limiting the Number of Active Voice Calls	185
WPA Fast Handover	186
Appendix A Configuring DHCP with Vendor-Specific Options	187
Overview	187
Windows-Based DHCP Servers	188
Configuring Option 60	188
Configuring Option 43	189
Linux DHCP Servers	190
Appendix B Windows Client Example Configuration for 802.1x	193
Window XP Wireless Client Example Configuration	193
Appendix C Internal Captive Portal	201
Creating a New Internal Web Page	201
Basic HTML Example	203
Installing a New Captive Portal Page	204
Displaying Authentication Error Message	204
Language Customization	206
Customizing the Welcome Page	212
Customizing the Pop-Up Box	214
Customizing the Logged Out Box	215
Appendix D Related Documents	217

Match case Limit results 1 per page

WFS709TP ProSafe Smart Wireless Switch Software Administration Manual

1-14

Overview of the WFS709TP

v1.0, June 2007

The client determines which AP is best for connecting to the WLAN and attempts to associate with

it. During the association exchange, the client and WFS709TP negotiate the data rate,

authentication method, and other options.

Authentication

Authentication provides a way to identify a user and provide appropriate access to the network for

that user. One or more authentication methods may be used, ranging from secure authentication

methods such as 802.1x and captive portal to less secure methods such as MAC address

authentication.

802.1x Authentication

802.1x is an IEEE standard used for authenticating clients on any IEEE 802 network. It is an open

authentication framework, allowing multiple authentication protocols to operate within the

framework. 802.1x operates as a Layer 2 protocol. Successful 802.1x authentication must

complete before any higher-layer communication with the network, such as a DHCP exchange to

obtain an IP address, is allowed.

802.1x is key-generating, which means that the output of the authentication process can be used to

assign dynamic per-user encryption keys. While the configuration of 802.1x authentication on the

WFS709TP is fairly simple, 802.1x can require significant work in configuring an external

authentication server and wireless client devices.

Captive Portal

Captive Portal allows a wireless client to authenticate using a web-based portal. Captive portals

are typically used in public access wireless hotspots or for hotel in-room Internet access. After a

user associates to the wireless network, their device is assigned an IP address. The user must start

a web browser and pass an authentication check before access to the network is granted.

Captive portal authentication is the simplest form of authentication to use and requires no software

installation or configuration on the client. The username/password exchange is encrypted using

standard SSL encryption. However, portal authentication does not provide any form of encryption

Note:

Because an AP connected to a WFS709TP is a Thin AP, all wireless traffic it

receives is immediately sent through a GRE tunnel to the WFS709TP. The

WFS709TP responds to client requests and communicates with an authentication

server on behalf of the client. Therefore, the client authentication and association

processes occur between the wireless client and the WFS709TP.