Gateway 7001 Series manual 127

■“Configuring a client to access an unsecure network (plain text mode)” on page 125

■“Configuring static WEP security on a client” on page 126

■“Configuring IEEE 802.1x security on a client” on page 129

■“Configuring WPA with RADIUS security on a client” on page 137

■“Configuring WPA-PSK security on a client” on page 144

■“Configuring an external RADIUS server to recognize the Gateway 7001 AP” on page 146

■“Obtaining a TLS-EAP certificate for a client” on page 151

Network infrastructure and choosing between built-in or external authentication server

Network security configurations including Public Key Infrastructures (PKI), Remote Authentication Dial-in User Server (RADIUS) servers, and Certificate Authority (CA) can vary a great deal from one organization to the next in terms of how they provide Authentication, Authorization, and Accounting (AAA). Ultimately, the particulars of your infrastructure will determine how clients should configure security to access the wireless network. Rather than try to predict and address the details of every possible scenario, this document provides general guidelines about each type of client configuration supported by the Gateway 7001 AP.

I want to use the built-in authentication server (EAP-PEAP)

If you do not have a RADIUS server or PKI infrastructure in place or if you are unfamiliar with many of these concepts, we strongly recommend setting up the Gateway 7001 APs with security that uses the built-in authentication server on the AP. This will mean setting up the AP to use either IEEE 802.1x or WPA with RADIUS security mode. (The built-in authentication server uses EAP-PEAP authentication protocol.)

■If the Gateway 7001 AP is set up to use IEEE 802.1x mode and the Built-in Authentication Server, then configure wireless clients as described in “IEEE 802.1x client using EAP/PEAP” on page 129.

■If the Gateway 7001 AP is configured to use WPA with RADIUS mode and the Built-in Authentication Server, configure wireless clients as described in “WPA with RADIUS client using EAP/PEAP” on page 137.

I want to use an external RADIUS server with EAP-TLS certificates or EAP-PEAP

We make the assumption that if you have an external RADIUS server and PKI/CA setup, you will know how to configure client security options appropriate to your security infrastructure beyond the fundamental suggestions given here. Topics covered here that particularly relate to client security configuration in a RADIUS - PKI environment are: