Copyright © 2004-2005, Vivato, Inc.
104
WPA with RADIUS
Wi-Fi Protected Access
(
) with
Remote Authentication Dial-In User Service
) is a Wi-Fi
Alliance subset of IEEE
, which includes
Temporal Key Integrity Protocol
),
Counter mode/
CBC-MAC Protocol
(
), and
Advanced Encryption Standard
(
) mechanisms. This mode requires
the use of a RADIUS server to authenticate users, and configuration of user accounts via the Network >
User Management tab.
When configuring WPA with RADIUS mode, you have a choice of whether to use the embedded RADIUS
server or an external RADIUS server that you provide. The Vivato Wi-Fi AP/Bridge embedded RADIUS
server supports Protected
Radius MAC Filtering
When unchecked, client (station) authentication requests are passed directly to the
specified RADIUS server(s).
Checking this box causes the VA4200 to first use the MAC Filtering settings on the
VA4200 to filter clients that are specifically allowed or denied authentication. See
“Navigating to MAC Filtering Settings” on page 57.
If a client’s MAC address is in the active Stations List of allowed or denied clients,
they are authenticated or denied authentication at that point; their authentication
request is not forwarded to the RADIUS server(s).
If a client’s MAC address has not been entered into the active Station List, the cli-
ent’s authentication request is passed to the specified RADIUS server(s). The
RADIUS server must be configured with an account that uses the MAC address for
both a username and a password, and formatted as a string of 12 hex digits without
separating colons, such as 002c31e4161f. MAC authentication uses PAP instead of
PEAP for the Authentication-type, so the Authenticator must be configured accord-
ingly. On Windows IAS, PAP is disabled by default
Radius IP
Enter the Radius IP in the text box.
The
Radius IP
is the IP address of the
(The Vivato Wi-Fi AP/Bridge internal authentication server is
127.0.0.1
.)
For information on setting up user accounts, see “Managing User Accounts” on
page 45.
Radius Key
Enter the Radius Key in the text box.
The
Radius Key
is the shared secret key for the RADIUS server. The text you enter
will be displayed as "*" characters to prevent others from seeing the RADIUS key
as you type.
(The Vivato Wi-Fi AP/Bridge internal authentication server key is
secret
.)
This value is never sent over the network.
Radius Key Confirmation
Re-enter the same Radius Key.
Enable RADIUS Accounting
Click "Enable RADIUS Accounting" to send client information to the RADIUS
accounting server, including the client login time, logout time, and the duration that
the client was logged in.
By default, accounting information is sent to port 1813 on the RADIUS server.
Field(Continued)
Description(Continued)