Harmony House 802.11a manual 802.1x, Harmony Security Protocol Guidelines

Harmony Security Protocol Guidelines

•If you want to use the Harmony Security Protocol on your network, you must enable the protocol on all of your network’s Harmony 802.11a Access Points and Harmony 802.11a clients.

•At this time, the Harmony Security Protocol’s client application supports Windows 98 SE, Windows ME, Windows 2000 Professional, and Windows XP. The protocol does not support Windows 2000 Server or Windows NT 4.0.

•The Harmony Security Protocol is only available for clients that are operating in Infrastructure mode.

•The Harmony Security Protocol requires that you have one or more Access Point Controllers installed on the network.

•A network administrator who manages the network’s Harmony Access Point Controller(s) must assign each user a Harmony User Name and Password and enter this information into the Harmony System’s User Database. Refer to the Harmony Access Point Controller User’s Guide for details.

•If you enable the Harmony Security Protocol, you do not need to configure WEP Keys on an 802.11a client (the Harmony System will generate keys for you).

802.1x

802.1x is an IEEE security standard for authenticating users on local area networks based on the Extensible Authentication Protocol (EAP). For more information on this standard, refer to the IEEE Web site at http://www.ieee.org/.

On a wireless LAN with 802.1x enabled, an Access Point will block all traffic from a wireless client until after the user has been authenticated by the network’s RADIUS (Remote Authentication Dial-In User Service) server. Proxim supports the following RADIUS servers for use with Harmony 802.11a products:

•Microsoft Windows 2000 Internet Authentication Service (IAS) Server

•Funk Odyssey Server

Note: You may also need to install additional components based upon the server’s requirements and EAP authentication type. For example, EAP-TLS requires a Certificate Authority (CA) and that digital certificates be installed on the RADIUS server and each wireless client.

EAP is a flexible protocol which does not specify an authentication type. The available authentication types will vary based upon your RADIUS server and your client software; many offer advanced features such as mutual authentication between client and server and data encryption. For data encryption, a RADIUS server generates a unique WEP Key for each user following authentication. This WEP Key is used to encrypt unicast packets between the Access Point and wireless client. To encrypt broadcast packets, the Access Point and its clients use the AP’s configured Global WEP Keys.