Using the Configuration Utility (continued)
Home > User Manager > Management Type > RADIUS > 802.1x
Select Enable to use the 802.1x feature. The DSA-3100 supports integrated single sign-on when using with 802.1x enabled access points. By using the integrated RA- DIUS proxy function in the DSA-3100, users can use the EAP methods such as EAP- MD5 or EAP-TLS to login and get the service depending on the authenticatio methods which the backend RADIUS server and APs support.
The assumption, for this scenario, is that the network administrator had configured an EAP-enabled RADIUS server like Microsoft Internet Authentication Service on Win- dows 2000 or .NET Server 2003. If EAP-TLS is required for the dynamic key exchange, Microsoft Certification is also required. It is also recommended that the system admin- istrator perform an authentication test to make sure everything is correct before con- necting the network to the DSA-3100. (802.1x is available only when RADIUS is se- lected here, under Management Type in the DSA-3100 Configuration).
To utilize 802.1x, all the devices on the network must be 802.1x and EAP enabled. The APs and the RADIUS server must share the same secret word; and the DSA-3100 and the RADIUS server must share the same secret word.
Configuring network devices for use with 802.1x:
To use 802.1x, please configure the RADIUS server, the access points and the DSA-
3100 as follows :
RADIUS server:
The system administrator should create a client account for the DSA-3100 first and define the required secret. (We suggest that you use a different one than the one the APs are using). The RADIUS server is capable of mulitple “secret keys” each assigned to a specific device. In order to participate in the network, each device must share the secret key that has been assigned to it in the RADIUS server’s configuration.
DSA-3100:
In the configuration utility, select Home>User Manager>Management Type and select
RADIUS.
Access Points:
When configuring the access point, include the IP address of the RADIUS server in the appropriate field. The corresponding secrets for each AP should match the settings in DSA-3100. Click Edit (as shown below) to input the IP addresses and the secret keys of the access points in your network.
