Manuals / NETGEAR / Computer Equipment / Switch

NETGEAR WFS709TP-100NAS manual Chapter Configuring 802.1x Authentication

Models: WFS709TP-100NAS

1 222

Download 222 pages 54.79 Kb

Page 125

Chapter 7

Configuring 802.1x Authentication

802.1x is an Institute of Electrical and Electronics Engineers (IEEE) standard that provides an authentication framework for wireless LANs (WLANs). 802.1x uses the Extensible Authentication Protocol (EAP) to exchange messages during the authentication process. The authentication protocols that operate inside the 802.1x framework that are suitable for wireless networks include EAP-Transport Layer Security (EAP-TLS), Protected EAP (PEAP), and EAP- Tunneled TLS (EAP-TTLS). These protocols allow the network to authenticate the client while also allowing the client to authenticate the network.

This chapter describes the following topics:

•“802.1x Authentication” on page 7-1

•“Configuring 802.1x Authentication” on page 7-4

•“Advanced Configuration Options for 802.1x” on page 7-6

802.1x Authentication

802.1x authentication consists of three components:

•The supplicant, or client, is the device attempting to gain access to the network. You can configure your system to support 802.1x authentication for wired users as well as wireless users.

•The authenticator is the gatekeeper to the network and permits or denies access to the supplicants. The WFS709TP ProSafe Smart Wireless Switch acts as the authenticator, relaying information between the authentication server and supplicant. The EAP type must be consistent between the authentication server and supplicant and is transparent to the WFS709TP.

•The authentication server provides a database of information required for authentication and informs the authenticator to deny or permit access to the supplicant.

The 802.1x authentication server is typically an EAP-compliant Remote Access Dial-In User Service (RADIUS) server that can authenticate either users (through passwords or certificates) or the client computer.

7-1

v1.0, June 2007

Image 125

NETGEAR WFS709TP-100NAS manual Chapter Configuring 802.1x Authentication

Contents

NETGEAR, Inc Trademarks Technical SupportStatement of Conditions Certificate of the Manufacturer/ImporterCanada United StatesEurope JapanKorea Lithium Battery Safety NoticeAustralia/New Zealand Rest of WorldChina RoHS European Union RoHSModel Number Publication Date June Product Family Wireless Product NameProduct and Publication Details Contents Chapter Configuring Network Parameters Chapter Configuring Wlans Chapter Configuring MAC-Based Authentication Appendix a Configuring Dhcp with Vendor-Specific Options Appendix D Related Documents Index Conventions, Formats, and Scope About This ManualHow to Print this Manual How to Use This ManualRevision History Xvi About This Manual WFS709TP System Components Netgear ProSafe Access PointsChapter Overview of the WFS709TP WFS709TP WFS709TP Data center Automatic RF Channel and Power Settings Wireless clients FloorWiring closet Internet RF Monitoring WFS709TP ProSafe SwitchesV1.0, June WFS709TP Software Netgear Wireless APs Local WFS709TP Master WFS709TPAuthentication Basic Wlan ConfigurationV1.0, June Encryption Encryption Options by Authentication MethodAuthentication Method Encryption Option Vlan Netgear AP Floor Wiring closet InternetAssociation Wireless Client Access to the WlanCaptive Portal 802.1x AuthenticationClient Mobility and AP Association MAC Address AuthenticationConfiguring and Managing the WFS709TP V1.0, June Tools Configuration ToolBrowser Interface Tools Menu DescriptionWlan Configuration Pages BasicV1.0, June Router is default gateway for WFS709TP and clients Configuration OverviewChapter Deploying a Basic WFS709TP System Deployment Scenario #1Deployment Scenario #2 Run the initial setup seeRun the Initial Setup on Deployment Scenario #3 Configuring the WFS709TP Run the Initial Setup V1.0, June Configure the Switch for the Access Points V1.0, June Create the Vlan Configure a Vlan for Network ConnectionConfigure the Trunk Port Connect the WFS709TP to the Network Configure the Default GatewayConfigure the Loopback for the WFS709TP Deploying APs Enable APs to Obtain IP Addresses Enable APs to Connect to the WFS709TPLocate the WFS709TP V1.0, June Provision APs Install APsV1.0, June Additional Configuration Creating a Vlan Chapter Configuring Network ParametersConfiguring VLANs Assigning a Static Address to a Vlan Cable modem or Bras Configuring a Vlan to Receive a Dynamic AddressTo local InternetDNS/WINS Server from Dhcp Default Gateway from DhcpEnabling the Dhcp Client Configuring Static Routes Configuring the Loopback IP Address V1.0, June V1.0, June RF Plan Overview Chapter RF PlanPlanning Requirements Before You BeginTask Overview Using RF Plan Building List Building Specification OverviewBuilding Dimension V1.0, June AP Modeling Parameters Design Model Radio TypeOverlap Factor Rates AM Modeling ParametersUsers Monitor Rates Planning FloorsZoom Floor Editor Dialog Box CoverageCoverage Rate Area Editor Dialog Box V1.0, June Access Point Editor V1.0, June Initialize AP PlanningViewing the Results StartAM Planning Export Buildings Exporting and Importing FilesImport Buildings LocateSample Building RF Plan ExampleText Box Information Building Planning SpecificationsCreate a Building Model the Access Points Add and Edit a Floor Model the Air MonitorsDefining Areas Create a Don’t Care Area Create a Don’t Deploy Area Running the AP Plan Running the AM Plan Click Save V1.0, June Chapter Configuring Wlans Method Description Determine the Authentication MethodAuthentication Methods Supported Authentication Servers by Authentication Types Authentication ServerAuthentication Type Authentication Servers Internal DBDetermine the Default Vlan Basic Wlan Configuration in the Browser InterfaceV1.0, June Parameter Definition Wlan Basic Configuration ParametersParameter Definition Example ConfigurationV1.0, June Configuring Global Parameters Advanced Wlan Configuration in the Browser InterfaceAdd or Modify SSIDs Configuring Location-Specific ParametersAdvanced Ssid Configuration Settings Default SsidConfigure AP Information V1.0, June Configuring Radio Settings V1.0, June V1.0, June Example Configuration V1.0, June Power Setting Channel SettingAdvantages of Using IRM IntelliFi RF ManagementConfiguring IRM V1.0, June V1.0, June Configuring an External Radius Server Chapter Configuring AAA ServersRadius Server Configuration Information Parameter DescriptionConfiguring AAA Servers Internal Database Entry Information Adding Users to the Internal DatabaseLogon User Lifetime Configuring Authentication TimersV1.0, June V1.0, June 802.1x Authentication Chapter Configuring 802.1x AuthenticationAuthentication Authentication with a Radius ServerNetwork authentication Data encryption ClientAuthentication via Authentication Terminated on WFS709TPUser Internal databaseConfiguring 802.1x Authentication Parameter Description Default 802.1x Authentication1x Authentication Browser Interface Page Options Advanced Configuration Options for Field Description Default Advanced Authentication Fields500 Overview of Captive Portal Functions Chapter Configuring the Captive PortalConfiguring Captive Portal Configuring Advanced Captive Portal Options Enabled Changing the Protocol to Http Configuring the AAA Server for Captive PortalPersonalizing the Captive Portal V1.0, June V1.0, June Configuring MAC-Based Authentication Configuring Users V1.0, June V1.0, June Chapter Adding Local WFS709TPs Moving to a Multi-Switch EnvironmentConfiguring L2/L3 Settings Configuring Local WFS709TPsConfiguring the Local WFS709TP Configuring APs Configuring Trusted PortsRebooting APs Virtual Router Redundancy Protocol Chapter Configuring RedundancyRedundancy Configuration Configuring Local WFS709TP Redundancy Parameter Explanation Expected or Recommended Values Vrrp Parameters for Local WFS709TP RedundancyMaster WFS709TP Redundancy Vrrp Associations Association Function Switch IDMaster-Local WFS709TP Redundancy Vlan 1, 2, ... N MasterLayer NetworkConfiguring Redundancy 11-7 11-8 Configuring Redundancy Rogue/Interfering AP Detection Configuring Wireless Intrusion ProtectionClassifying APs Enabling AP LearningConfiguring Wireless Intrusion Protection 12-3 FIeld Description Configuring Rogue AP DetectionAP Classifications Valid Channel Types Misconfigured AP DetectionConfiguring Misconfigured AP Protection 12-6 Configuring Wireless Intrusion Protection Configuring Management Users Chapter Configuring Management UtilitiesSnmp for the WFS709TP Configuring SnmpBasic WFS709TP Snmp Parameters Field Description Expected/Recommended ValueSNMPv3 User Details Snmp for Access Points Field Description Expected/Recommended Values Basic Access Point Snmp ParametersTraps on page 13-9 for a complete list SNMPv3 Access Point User DetailsConfiguring Management Utilities 13-7 13-8 Configuring Management Utilities WFS709TP Traps Snmp TrapsWFS709TP Snmp Traps Trap Description Priority LevelAccess Point Snmp Traps Access Point/Air Monitor TrapsConfiguring Management Utilities 13-11 Module Description Configuring LoggingWFS709TP Modules Configuring Management Utilities 13-13 Creating Guest Accounts Configuring Management Utilities 13-15 Servers for File Transfer Server Type ConfigurationManaging Files on the WFS709TP Backing Up and Restoring the Flash File System Managing Image FilesCopying Other Files Copying Log FilesInstalling a Server Certificate 13-20 Configuring Management Utilities Voice over IP Proxy ARP Chapter Configuring WFS709TP for VoiceBattery Boost Limiting the Number of Active Voice Calls WPA Fast Handover Overview Appendix a Configuring Dhcp with Vendor-Specific OptionsWindows-Based Dhcp Servers Configuring OptionFigure A-1 Figure A-2 Linux Dhcp ServersV1.0, June V1.0, June Window XP Wireless Client Example Configuration Appendix B Windows Client Example Configuration forFigure B-1 V1.0, June Figure B-3 Figure B-4 Figure B-5 Figure B-6 V1.0, June Creating a New Internal Web Appendix C Internal Captive PortalUsername PasswordHtml Head Body Basic Html ExampleDisplaying Authentication Error Message Installing a New Captive PortalV1.0, June Language Customization Head TitlePortal Login/title Replace this with a link like the following Div id=errorbox style=display none V1.0, June Figure C-1shows a sample of a translated Figure C-2 Customizing the WelcomeV1.0, June Customizing the Pop-Up Box Customizing the Logged Out Box V1.0, June Document Link Appendix D Related DocumentsV1.0, May Numbers IndexNetgear FrameMaker Templates for the Reference Print Manual Index Index-3 Index-4