Symbol Technologies WS 2000 manual Security-How to Configure 802.1x EAP Authentication

Page 58

Security—How to Configure 802.1x EAP Authentication

6. Set the maximum number of retries (Max. Retries) for a client to successfully reauthenticate after failing to complete the EAP process. If the mobile unit fails the authentication process in the specified number of retries, the switch will terminate the connection to the mobile unit.

7. The administrator is required to specify the IP address of a primary RADIUS server for this type of authentication to work. Providing the IP address of a secondary server is optional. The secondary server acts as a failover server if the switch cannot successfully contact the primary server.

8. Specify the port on which the primary RADIUS server is listening in the Radius port field. Optionally, specify the port of a secondary (failover) server. Older RADIUS servers listen on ports 1645 and 1646. Newer servers listen on ports 1812 and 1813. Port 1645 or 1812 is used for authentication. Port 1646 or 1813 is used for accounting. The ISP or a network administrator can confirm the appropriate primary and secondary port numbers.

9. The administrator can specify a Radius shared secret for authentication on the primary RADIUS server. Shared secrets are used to verify that RADIUS messages, with the exception of the Access-Request message, are sent by a RADIUS-enabled device that is configured with the same shared secret. The shared secret is a case-sensitive string that can have letters, numbers, or symbols. Make the shared secret at least 22 characters long to protect the RADIUS server from brute-force attacks.

10. The MU Quiet Period field allows the administrator to specify the idle time (in seconds) between a mobile unit’s authentication attempts, as required by the server.

11. The MU Timeout allows the administrator to specify the time (in seconds) for the mobile unit’s retransmission of EAP-Request packets.

12. The MU Tx Period field allows the administrator to specify the time period (in seconds) for the server’s retransmission of the EAP-Request/Identity frame.

13. The MU Max Retries field allows the administrator to set the maximum number of times for the mobile unit to retransmit an EAP-Request frame to the server before it times out the authentication session. Note that this is a different value from the Max Retry field at the top of the window.

14. The Server Timeout indicates the maximum time (in seconds) that the switch will wait for the server’s transmission of EAP Transmit packets.

15. The Server Max Retries field allows the administrator to set the maximum number of times for the server to retransmit an EAP-Request frame to the client before it times out the authentication session. Note that this is a different value from the Max Retry field at the top of the window.

16. Click the Apply button to save changes.

Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved


WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004

 
