116 © 2001-2008 D-Link Corporation. All Rights Reserved.
D-Link Unified Access Point Administrator’s Guide
information. The certificate is automatically sent to the RADIUS server for authentication and
authorization.
Configuring the RADIUS Server for Authentication
An external RADIUS server running on the network can support of EAP-TLS smart card/
certificate distribution to clients in a Public Key Infrastructure (PKI) as well as EAP-PEAP
user account setup and authentication.
This section provides an example of configuring an external RADIUS server for the purposes
of authenticating and authorizing TLS-EAP certificates from wireless clients of a particular
Unified Access Point configured for either “WPA/WPA2 Enterprise (RADIUS)” or “IEEE
802.1X” security modes. The intention of this section is to provide some idea of what this
process will look like; procedures will vary depending on the RADIUS server you use and
how you configure it. This example uses the Internet Authentication Service that comes with
Microsoft Windows 2003 server.
NOTE: This appendix does not describe how to set up Administrative users on the
RADIUS server. This example assumes you have already configured
RADIUS server user accounts. You need a RADIUS server user name and
password for both this procedure and the following one that describes how to
obtain and install a certificate on the wireless client. Please consult the
documentation for your RADIUS server for information about setting up user
accounts.
The purpose of this procedure is to identify your Unified Access Point as a “client” to the
RADIUS server. The RADIUS server can then handle authentication and authorization of
wireless clients for the AP. This procedure is required per access point. If you have more than
one access point with which you plan to use an external RADIUS server, you need to follow
these steps for each of those APs.
The information you need to provide to the RADIUS server about the access point
corresponds to settings on the access point (Security) and vice versa. You should have already
provided the RADIUS server IP Address to the AP; in the steps that follow you will provide
the access point IP address to the RADIUS server. The RADIUS Key provided on the AP is
the “shared secret” you will provide to the RADIUS server.
NOTE: The RADIUS server is identified by its IP address and UDP port numbers for
the different services it provides. On the current release of the Unified
Access Point software, the RADIUS server User Datagram Protocol (UDP)
ports used by the access point are not configurable. (The Unified Access
Point is hard-coded to use RADIUS server UDP port 1812 for authentication
and port 1813 for accounting.)
Содержание DWL-8500AP
Страница 2: ...2 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access Point Administrator s Guide...
Страница 6: ...6 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access Point Administrator s Guide...
Страница 8: ...8 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access Point Administrator s Guide...
Страница 14: ...14 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access Point Administrator s Guide...
Страница 24: ...24 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access Point Administrator s Guide...
Страница 38: ...38 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access Point Administrator s Guide...
Страница 90: ...90 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access Point Administrator s Guide...
Страница 124: ...124 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access Point Administrator s Guide...
Страница 152: ...152 2001 2008 D Link Corporation All Rights Reserved D Link Unified Access Point Administrator s Guide...