Configuring IEEE 802.1x security on a client

IEEE 802.1x is the standard defining port-based authentication and infrastructure for doing key management. Extensible Authentication Protocol (EAP) messages are sent over an IEEE

802.11wireless network using a protocol called EAP Encapsulation Over LANs (EAPOL). IEEE 802.1x provides dynamically-generated keys that are periodically refreshed. An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking (CRC) of each 802.11 frame.

IEEE 802.1x client using EAP/PEAP

The Built-In Authentication Server on the Gateway 7001 AP uses Protected Extensible Authentication Protocol (EAP) referred to here as “EAP/PEAP”.

If you are using the Built-in Authentication server with “IEEE 802.1x” security mode on the Gateway 7001 AP, then you will need to set up wireless clients to use PEAP.

Additionally, you may have an external RADIUS server that uses EAP/PEAP. If so, you will need to (1) add the Gateway 7001 AP to the list of RADIUS server clients, and (2) configure your IEEE 802.1x wireless clients to use PEAP.

Important The following example assumes you are using the Built-in Authentication server that comes with the Gateway® 7001 AP. If you are setting up EAP/PEAP on a client of an AP that is using an external RADIUS server, the client configuration process will differ somewhat from this example especially with regard to certificate validation.

If you configured the Gateway 7001 AP to use IEEE 802.1x security mode, as shown in the following illustration, you need to configure IEEE 802.1x security with PEAP authentication on each client.

www.gateway.com

129