RADIUS
Server
Windows 2000 IAS
(Internet Authentication
Service)
IEEE 802.1x
Access Client
Access Point
RADIUS
Client
1
2
3
4
(2) Login with username,
password.
(1) Client requests to login the
network.
(4) Approve or deny user
login to the LAN.
(3) Send username, password to
RADIUS server.
3.2.1.3 802.1x Setting-Certification
Parameter Description
Authentication Type
The EAP authentication protocols this adapter has supported are
included as follows. This setting has to be consistent with the
wireless APs or Routers that the adapter intends to connect.
PEAP &TTLS
– PEAP and TTLS are similar and easier than TLS
in that they specify a stand-alone authentication protocol be used
within an encrypted tunnel. TTLS supports any protocol within its
tunnel, including CHAP, MS-CHAP, MS-CHAPv2, PAP and
EAP-MD5. PEAP specifies that an EAP-compliant authentication
protocol must be used; this adapter supports EAP-MSCHAP v2,
EAP-TLS/Smart adapter and Generic Token Adapter. The client
certificate is optional required for the authentication.
TLS/Smart Adapter
–TLS is the most secure of the EAP
protocols but not easy to use. It requires that digital certificates be
exchanged in the authentication phase. The server presents a
certificate to the client. After validating the server’s certificate, the
client presents a client certificate to the server for validation.
MD5-Challenge –
MD5-Challenge is the easiest EAP Type. It
requires the wireless station to enter a set of user name and
password as the identity to RADIUS Server.
Session Resumption
There are “Disabled”, “Reauthentication”, “Roaming”, “SameSsid”
and “Always” selections for you to choose whether to recovery the
session in different status.
Identity
Enter the name as the identity for the server.
Password
Enter the password as the identity for the server.
17
