Configuring WPA with RADIUS security on a client
Wi-Fi Protected Access (WPA) with Remote Authentication Dial-In User Service (RADIUS) is a Wi-Fi Alliance subset of IEEE 802.11i, which includes Temporal Key Integrity Protocol (TKIP), and Counter mode/CBC-MAC Protocol mechanisms. This mode requires the use of a RADIUS server to authenticate users, and configuration of user accounts on the access point.
When you configure WPA with RADIUS security mode on the access point, you have a choice of whether to use the Built-in Authentication Server or an external RADIUS server that you provide.
The Gateway 7001 AP Built-in Authentication Server supports Protected Extensible Authentication Protocol (EAP) known as “EAP/PEAP” and Microsoft Challenge Handshake Authentication Protocol Version 2 (MSCHAP V2), which provides authentication for point-to-point (PPP) connections between a Windows-based computer and network devices such as access points.
So, if you configure the network (access point) to use security mode and choose the Built-in Authentication server, you must configure client stations to use WPA with RADIUS and EAP/PEAP.
If you configure the network (access point) to use this security mode with an external RADIUS server, you must configure the client stations to use WPA with RADIUS and whichever security protocol your RADIUS server is configured to use.
WPA with RADIUS client using EAP/PEAP
The Built-In Authentication Server on the Gateway 7001 AP uses Protected Extensible Authentication Protocol (EAP) known as “EAP/PEAP”.
■If you are using the Built-in Authentication server with “WPA with RADIUS” security mode on the Gateway 7001 AP, then you will need to set up wireless clients to use PEAP.
■Additionally, you may have an external RADIUS server that uses EAP/PEAP. If so, you will need to (1) configure the RADIUS server and set up user accounts on it, and (2) configure your “WPA with RADIUS” wireless clients to use PEAP.
Important The following example assumes you are using the Built-in Authentication server that comes with the Gateway 7001 AP. If you are setting up EAP/PEAP on a client of an AP that is using an external RADIUS server, the client configuration process will differ somewhat from this example, especially with regard to certificate validation.
If you configured the Gateway 7001 AP to use WPA with RADIUS security mode and to use either the built-in authentication server or an external RADIUS server that uses EAP/PEAP, you must first set up user accounts on the access point (Cluster > User Management), then configure WPA security with PEAP authentication on each client.
