Epson IWE3200-H manual Radius

2.13.2. RADIUS

IEEE 802.1x Port-Based Network Access Control is a standard for solving some security issues associated with IEEE 802.11, such as lack of user-based authentication and dynamic encryption key distribution. With IEEE 802.1x, a RADIUS (Remote Authentication Dial-In User Service) server, and a user account database, an enterprise or ISP (Internet Service Provider) can manage its mobile users' access to its wireless LANs. Before being granted access to a wireless LAN supporting IEEE 802.1x, a user has to present his or her user name and password or digital certificate to the backend RADIUS server by EAPOL (Extensible Authentication Protocol Over LAN). The RADIUS server can record accounting information, such as when a user logs on to and logs off from the wireless LAN, for monitoring or billing purposes.

The IEEE 802.1x functionality of the access point is controlled by the security mode (see Section 2.12.2.1). So far, the wireless access point supports two authentication mechanisms: EAP-MD5 (Message Digest version 5) and EAP-TLS (Transport Layer Security). If EAP-MD5 is used, the user has to give his or her user name and password for authentication. If EAP-TLS is used, the wireless client computer automatically presents the user's digital certificate, which is stored on the computer's hard disk or a smart card, for authentication. After a successful EAP-TLS authentication, a session key is automatically generated for encrypting wireless packets between the wireless client computer and its associated wireless access point. To sum up, EAP-MD5 supports only user authentication, while EAP-TLS supports user authentication as well as dynamic encryption key distribution.

Fig. 88. IEEE 802.1x and RADIUS.

The IWE3200-H supports IEEE 802.1x and can be configured to communicate with two RADIUS servers. When the primary RADIUS server fails to respond, the IWE3200-H will try to communicate with the secondary RADIUS server. You can specify the timeout length and the number of retries to attempt with the primary RADIUS server before the IWE3200-H switches to the secondary RADIUS server.

An IEEE 802.1x-capable wireless access point and its RADIUS server(s) share a secret key so that they can authenticate each other. In addition to its IP address, a wireless access point can identify itself by an NAS (Network Access Server) identifier. Each IEEE 802.1x-capable wireless access point must have a unique NAS identifier.
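
The shared-secret check described above, shown as an added example that is not taken from the manual or the IWE3200-H firmware. It follows the standard RADIUS packet format (Response Authenticator from RFC 2865, Message-Authenticator from RFC 3579) and leaves out the EAP-Message attributes of a real 802.1x exchange; the secret, user name and NAS identifier are constructed sample values.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, NAS_IDENTIFIER, MESSAGE_AUTHENTICATOR = 1, 32, 80

def attr(atype, value):
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def build_access_request(ident, user, nas_id, secret, request_auth=None):
    """AP side: Access-Request with NAS-Identifier, signed via Message-Authenticator."""
    request_auth = request_auth or os.urandom(16)
    attrs = attr(USER_NAME, user) + attr(NAS_IDENTIFIER, nas_id)
    attrs += attr(MESSAGE_AUTHENTICATOR, b"\x00" * 16)  # zeroed while hashing
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth
    mac = hmac.new(secret, header + attrs, hashlib.md5).digest()
    return header + attrs[:-16] + mac

def server_checks_request(packet, secret):
    """Server side: recompute the HMAC-MD5 to confirm the AP holds the secret."""
    # Assumes Message-Authenticator is the last attribute, as built above.
    expected = hmac.new(secret, packet[:-16] + b"\x00" * 16, hashlib.md5).digest()
    return hmac.compare_digest(packet[-16:], expected)

def build_response(code, request, attrs, secret):
    """Server side: Response Authenticator = MD5(code|id|len|RequestAuth|attrs|secret)."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    resp_auth = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return header + resp_auth + attrs

def ap_checks_response(response, request, secret):
    """AP side: accept a reply only if it matches the request and the shared secret."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    if int.from_bytes(response[2:4], "big") != len(response):
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(response[4:20], expected)

if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # sample value, not a device default
    req = build_access_request(7, b"alice", b"ap-lobby-01", secret)
    reply = build_response(ACCESS_ACCEPT, req, b"", secret)
    forged = build_response(ACCESS_ACCEPT, req, b"", b"wrong-secret")
    print("server accepts AP request:", server_checks_request(req, secret))
    print("AP accepts genuine reply: ", ap_checks_response(reply, req, secret))
    print("AP accepts forged reply:  ", ap_checks_response(forged, req, secret))
```

Both checks rest only on the shared secret and MD5, so the secret configured on the access point and the RADIUS server should be long and random.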
