Milan Technology MIL-W2332G 3.5.3 IEEE 802.1x/RADIUS

48

3.5.3 IEEE 802.1x/RADIUS

IEEE 802.1x Port-Based Network Access Control is a new standard for solving some

security issues associated with IEEE 802.11, such as lack of user-based authentication

and dynamic encryption key distribution. With IEEE 802.1x and the help of a RADIUS

(Remote Authentication Dial-In User Service) server and a user account database, an

enterprise or ISP (Internet Service Provider) can manage its mobile users’ access to its

wireless LANs. Before granted access to a wireless LAN supporting IEEE 802.1x, a

user has to issue his or her user name and password or digital certificate to the backend

RADIUS server by EAPOL (Extensible Authentication Protocol Over LAN). The RADIUS

server can record accounting information such as when a user logs on to the wireless

LAN and logs off from the wireless LAN for monitoring or billing purposes.

The IEEE 802.1x functionality of the access point is controlled by the security mode

(see Section 0). So far, the wireless access point supports two authentication mecha-

nisms—EAP-MD5 (Message Digest version 5), EAP-TLS (Transport Layer Security). If

EAP-MD5 is used, the user has to give his or her user name and password for authen-

tication. If EAP-TLS is used, the wireless client computer automatically gives the user’s

digital certificate that is stored in the computer hard disk or a smart card for authentica-

tion. And after a successful EAP-TLS authentication, a session key is automatically

generated for wireless packets encryption between the wireless client computer and its

associated wireless access point. To sum up, EAP-MD5 supports only user authentica-

tion, while EAP-TLS supports user authentication as well as dynamic encryption key

distribution.

RADIUS

Server

Internet

Wireless AP

Wireless AP User

Database

user authentication

user authentication

IEEE 802.1x-Compliant

Wireless Client

Fig. 52. IEEE 802.1x and RADIUS.

An access point supporting IEEE 802.1x can be configured to communicate with two

Contents

Main Page i Federal Communication Commission Interference Statement FCC Radiation Exposure Statement R&TTE Compliance Statement Table of Contents Page Page 1. Introduction 1.1 Overview 1.2 Features Page Management 1.3 LED Definitions 2. First-Time Installation and Configuration 2.1 Selecting a Power Supply Method 2.2 Mounting the AP on a Wall 2.3 Preparing for Configuration 2.3.1 Connecting the Managing Computer and the AP 2.3.2 Changing the TCP/IP Settings of the Managing Com- puter 2.4 Configuring the AP 2.4.1 Entering the User Name and Password 2.4.2 Step 1: Selecting an Operational Mode AP/Bridge. This mode provides both Access Point and Static LAN-to-LAN Bridging STA-AP. This type of wireless link is established between an IEEE 802.11 Station WDS. This type of wireless link is established between two IEEE 802.11 APs. Wire- 2.4.3 Step 2: Configuring TCP/IP Settings 2.4.4 Step 3: Configuring IEEE 802.11 Settings 2.4.5 Step 4: Reviewing and Applying Settings 2.5 Deploying the AP Page 2.6 Setting up Client Computers 2.6.1 Configuring IEEE 802.11g-Related Settings 2.6.2 Configuring TCP/IP-Related Settings 2.7 Confirming the Settings of the AP and Client Computers 2.7.1 Checking if the IEEE 802.11g-Related Settings Work 2.7.2 Checking if the TCP/IP-Related Settings Work Page Page 3.1.1 Menu Structure Home. For going back to the start page. Status. Status information. General. Global operations. TCP/IP. TCP/IP-related settings. Page 3.1.2 Save, Save & Restart, and Cancel Commands 3.1.3 Home and Refresh Commands 3.2 Viewing Status 3.2.1 Associated Wireless Clients 3.2.2 Current DHCP Mappings 3.2.3 System Log 3.2.4 Link Monitor 3.3 General Operations 3.3.1 Specifying Operational Mode AP/Bridge. This mode provides both Access Point and Static LAN-to-LAN STA-AP. This type of wireless link is established between an IEEE 802.11 Sta- WDS. This type of wireless link is established between two IEEE 802.11 APs. 3.3.2 Changing Password 3.3.3 Managing Firmware 3.3.3.1 Upgrading Firmware by HTTP 3.3.3.2 Backing up and Restoring Configuration Settings by HTTP 3.3.3.3 Upgrading Firmware by TFTP Page 3.3.3.4 Backing up and Restoring Configuration Settings by TFTP 3.3.3.5 Resetting Configuration to Factory Defaults 3.4 Configuring TCP/IP Related Settings 3.4.1 Addressing 3.4.2 DHCP Server 3.4.2.1 Basic 3.4.2.2 Static DHCP Mappings 3.5 Configuring IEEE 802.11g-Related Settings 3.5.1 Communication 3.5.1.1 Basic 3.5.1.2 Link Integrity 3.5.1.3 Association Control 3.5.1.4 AP Load Balancing 3.5.1.5 Wireless Distribution System LAN Page Page Page Page 3.5.2 Security 3.5.2.1 Basic Page Page 3.5.2.2 MAC-Address-Based Access Control Page 3.5.3 IEEE 802.1x/RADIUS Internet Page 3.6 Configuring Advanced Settings 3.6.1 Packet Filters 3.6.1.1 Ethernet Type Filters 3.6.1.2 IP Protocol Filters 3.6.1.3 TCP/UDP Port Filters 3.6.2 Management 3.6.2.1 UPnP Page 3.6.2.3 SNMP Appendix A: Default Settings Page Appendix B: Troubleshooting B-1: Wireless Settings Problems B-2: TCP/IP Settings Problems B-3: Unknown Problems Appendix C: Additional Information C-1: Firmware Upgrade Using Xmodem Upgrade