AT-TQ2403 Management Software User's Guide

Configuring WPA/WPA2 Enterprise (RADIUS) Security on a Client

Wi-Fi Protected Access 2 (WPA2) with Remote Authentication Dial-In User Service (RADIUS) is an implementation of the Wi-Fi Alliance IEEE 802.11i standard, which includes Advanced Encryption Standard (AES), Counter mode/CBC-MAC Protocol (CCMP), and Temporal Key Integrity Protocol (TKIP) mechanisms. This mode requires the use of a RADIUS server to authenticate users.

This security mode also provides backwards-compatibility for wireless clients that support only the original WPA.

When you configure WPA/WPA2 Enterprise (RADIUS) security mode on the access point, you have a choice of whether to use the Built-in Authentication Server or an external RADIUS server that you provide.

The AT-TQ2403 Wireless Access Point Built-in Authentication Server supports Protected Extensible Authentication Protocol (PEAP), referred to in this guide as "EAP/PEAP", and Microsoft Challenge Handshake Authentication Protocol Version 2 (MSCHAP V2), which provides authentication for point-to-point (PPP) connections between a Windows-based computer and network devices such as access points.

So, if you configure the network (access point) to use this security mode and choose the Built-in Authentication Server, you must configure client stations to use WPA/WPA2 Enterprise (RADIUS) and EAP/PEAP.

If you configure the network (access point) to use this security mode with an external RADIUS server, you must configure the client stations to use WPA/WPA2 Enterprise (RADIUS) and whichever security protocol your RADIUS server is configured to use.

WPA/WPA2 Enterprise (RADIUS) Client Using EAP/PEAP

The Built-in Authentication Server on the AT-TQ2403 Wireless Access Point uses Protected Extensible Authentication Protocol (PEAP), referred to in this guide as "EAP/PEAP".

If you are using the Built-in Authentication Server with "WPA/WPA2 Enterprise (RADIUS)" security mode on the AT-TQ2403 Wireless Access Point, then you will need to set up wireless clients to use PEAP.

Additionally, you may have an external RADIUS server that uses EAP/PEAP. If so, you will need to (1) add the AT-TQ2403 Wireless Access Point to the list of RADIUS server clients, and (2) configure your "WPA/WPA2 Enterprise (RADIUS)" wireless clients to use PEAP.
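The client-side requirement above (WPA/WPA2 Enterprise with PEAP and MSCHAP V2) can be checked mechanically on clients that use wpa_supplicant. The following is an added example, not part of the original guide: it assumes a wpa_supplicant.conf client profile (the guide itself does not cover wpa_supplicant), and the SSIDs and certificate path are constructed.

```python
import re

# Constructed sample wpa_supplicant.conf, trimmed to the fields the audit reads.
SAMPLE_CONF = '''
network={
    ssid="office-a"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
}
network={
    ssid="office-b"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
}
network={
    ssid="guest"
    psk="example-passphrase"
}
'''

def parse_networks(text):
    """Return one {key: unquoted value} dict per network={...} block."""
    nets = []
    for body in re.findall(r"network\s*=\s*\{(.*?)\n\s*\}", text, re.S):
        pairs = (ln.strip().split("=", 1) for ln in body.splitlines() if "=" in ln)
        nets.append({k.strip(): v.strip().strip('"') for k, v in pairs})
    return nets

def audit(net):
    """List where a profile departs from WPA/WPA2 Enterprise with PEAP/MSCHAPv2."""
    issues = []
    if "WPA-EAP" not in net.get("key_mgmt", "").split():
        issues.append("key_mgmt is not WPA-EAP")
    if "PEAP" not in net.get("eap", "").upper().split():
        issues.append("eap is not PEAP")
    if "MSCHAPV2" not in net.get("phase2", "").upper():
        issues.append("phase2 is not MSCHAPV2")
    # Without ca_cert/ca_path wpa_supplicant does not verify the server certificate.
    if not (net.get("ca_cert") or net.get("ca_path")):
        issues.append("server certificate is not validated")
    return issues

def audit_conf(text):
    """Map each SSID to its list of issues (empty list means the profile matches)."""
    return {n.get("ssid", "?"): audit(n) for n in parse_networks(text)}
```

Calling `audit_conf(SAMPLE_CONF)` reports "office-a" as matching the protocol settings but lacking server certificate validation, "office-b" as clean, and "guest" as not an Enterprise profile at all.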

Note: The following example assumes you are using the Built-in Authentication Server that comes with the AT-TQ2403 Wireless Access Point. If you are setting up EAP/PEAP on a client of an AP that is using an external RADIUS server, the client configuration process will differ somewhat from this example, especially with regard to certificate validation.

If you configured the AT-TQ2403 Wireless Access Point to use WPA/WPA2 Enterprise (RADIUS) security mode and to use either the Built-in Authentication Server or an external RADIUS server that uses EAP/PEAP…