Manuals / NETGEAR / Computer Equipment / Switch

NETGEAR WFS709TP-100NAS manual Authentication Terminated on WFS709TP, User, Internal database

Models: WFS709TP-100NAS

1 222

Download 222 pages 54.79 Kb

Page 127

WFS709TP ProSafe Smart Wireless Switch Software Administration Manual

For the WFS709TP to communicate with the authentication server, you must configure the IP address, authentication port, and accounting port of the server on the WFS709TP. The authentication server must be configured with the IP address of the RADIUS client, which here is the WFS709TP. Both the WFS709TP and the authentication server must be configured to use the same shared secret.

As described in Chapter 1, “Overview of the WFS709TP”, the client communicates with the WFS709TP through a Generic Routing Encapsulation (GRE) tunnel in order to form an association with an AP and to authenticate to the network. Therefore, the network authentication and encryption configured for an ESSID must be the same on both the client and the WFS709TP.

“Configuring 802.1x Authentication” on page 7-4 describes 802.1x configuration on the WFS709TP.

Authentication Terminated on WFS709TP

Figure 7-2is an overview of the parameters that you need to configure on 802.1x authentication components when 802.1x authentication is terminated on the WFS709TP (AAA FastConnect). User authentication is performed either via the WFS709TP’s internal database or by a non-802.1x server.

			User
			authentication via
			internal database
		WFS709TP	or non-802.1x
	Client	WFS709TP	server
	Client	(Autuenticator and	server
	(Supplicant)	(Autuenticator and
	(Supplicant)	authentication server)
		authentication server)

EAP type = EAP-PEAP Inner EAP = EAP-GTC or EAP- MSCHAPv2

ESSID

Network authentication Data encryption

EAP type = EAP-PEAP Inner EAP = EAP-GTC or EAP- MSCHAPv2

ESSID

Network authentication Data encryption

Figure 7-2

Configuring 802.1x Authentication

7-3

v1.0, June 2007

Image 127

NETGEAR WFS709TP-100NAS Authentication Terminated on WFS709TP, User, Internal database, Or non-802.1x, Authentication via

Contents

NETGEAR, Inc Certificate of the Manufacturer/Importer Technical SupportTrademarks Statement of ConditionsJapan United StatesCanada EuropeRest of World Lithium Battery Safety NoticeKorea Australia/New ZealandChina RoHS European Union RoHSProduct and Publication Details Publication Date June Product Family Wireless Product NameModel Number Contents Chapter Configuring Network Parameters Chapter Configuring Wlans Chapter Configuring MAC-Based Authentication Appendix a Configuring Dhcp with Vendor-Specific Options Appendix D Related Documents Index Conventions, Formats, and Scope About This ManualHow to Print this Manual How to Use This ManualRevision History Xvi About This Manual Chapter Overview of the WFS709TP Netgear ProSafe Access PointsWFS709TP System Components WFS709TP WFS709TP Wiring closet Internet Wireless clients FloorData center Automatic RF Channel and Power Settings RF Monitoring WFS709TP ProSafe SwitchesV1.0, June WFS709TP Software Netgear Wireless APs Local WFS709TP Master WFS709TPAuthentication Basic Wlan ConfigurationV1.0, June Authentication Method Encryption Option Encryption Options by Authentication MethodEncryption Vlan Netgear AP Floor Wiring closet InternetAssociation Wireless Client Access to the WlanCaptive Portal 802.1x AuthenticationClient Mobility and AP Association MAC Address AuthenticationConfiguring and Managing the WFS709TP V1.0, June Menu Description Configuration ToolTools Browser Interface ToolsWlan Configuration Pages BasicV1.0, June Deployment Scenario #1 Configuration OverviewRouter is default gateway for WFS709TP and clients Chapter Deploying a Basic WFS709TP SystemDeployment Scenario #2 Run the initial setup seeRun the Initial Setup on Deployment Scenario #3 Configuring the WFS709TP Run the Initial Setup V1.0, June Configure the Switch for the Access Points V1.0, June Create the Vlan Configure a Vlan for Network ConnectionConfigure the Trunk Port Connect the WFS709TP to the Network Configure the Default GatewayConfigure the Loopback for the WFS709TP Deploying APs Enable APs to Obtain IP Addresses Enable APs to Connect to the WFS709TPLocate the WFS709TP V1.0, June Provision APs Install APsV1.0, June Additional Configuration Configuring VLANs Chapter Configuring Network ParametersCreating a Vlan Assigning a Static Address to a Vlan Internet Configuring a Vlan to Receive a Dynamic AddressCable modem or Bras To localEnabling the Dhcp Client Default Gateway from DhcpDNS/WINS Server from Dhcp Configuring Static Routes Configuring the Loopback IP Address V1.0, June V1.0, June RF Plan Overview Chapter RF PlanTask Overview Before You BeginPlanning Requirements Using RF Plan Building List Building Specification OverviewBuilding Dimension V1.0, June AP Modeling Parameters Overlap Factor Radio TypeDesign Model Users AM Modeling ParametersRates Monitor Rates Planning FloorsZoom Coverage Rate CoverageFloor Editor Dialog Box Area Editor Dialog Box V1.0, June Access Point Editor V1.0, June Initialize AP PlanningViewing the Results StartAM Planning Export Buildings Exporting and Importing FilesImport Buildings LocateSample Building RF Plan ExampleCreate a Building Building Planning SpecificationsText Box Information Model the Access Points Add and Edit a Floor Model the Air MonitorsDefining Areas Create a Don’t Care Area Create a Don’t Deploy Area Running the AP Plan Running the AM Plan Click Save V1.0, June Chapter Configuring Wlans Authentication Methods Determine the Authentication MethodMethod Description Internal DB Authentication ServerSupported Authentication Servers by Authentication Types Authentication Type Authentication ServersDetermine the Default Vlan Basic Wlan Configuration in the Browser InterfaceV1.0, June Parameter Definition Wlan Basic Configuration ParametersParameter Definition Example ConfigurationV1.0, June Configuring Global Parameters Advanced Wlan Configuration in the Browser InterfaceAdd or Modify SSIDs Configuring Location-Specific ParametersAdvanced Ssid Configuration Settings Default SsidConfigure AP Information V1.0, June Configuring Radio Settings V1.0, June V1.0, June Example Configuration V1.0, June IntelliFi RF Management Channel SettingPower Setting Advantages of Using IRMConfiguring IRM V1.0, June V1.0, June Parameter Description Chapter Configuring AAA ServersConfiguring an External Radius Server Radius Server Configuration InformationConfiguring AAA Servers Internal Database Entry Information Adding Users to the Internal DatabaseLogon User Lifetime Configuring Authentication TimersV1.0, June V1.0, June 802.1x Authentication Chapter Configuring 802.1x AuthenticationClient Authentication with a Radius ServerAuthentication Network authentication Data encryptionInternal database Authentication Terminated on WFS709TPAuthentication via UserConfiguring 802.1x Authentication 1x Authentication Browser Interface Page Options 802.1x AuthenticationParameter Description Default Advanced Configuration Options for Field Description Default Advanced Authentication Fields500 Overview of Captive Portal Functions Chapter Configuring the Captive PortalConfiguring Captive Portal Configuring Advanced Captive Portal Options Enabled Changing the Protocol to Http Configuring the AAA Server for Captive PortalPersonalizing the Captive Portal V1.0, June V1.0, June Configuring MAC-Based Authentication Configuring Users V1.0, June V1.0, June Chapter Adding Local WFS709TPs Moving to a Multi-Switch EnvironmentConfiguring the Local WFS709TP Configuring Local WFS709TPsConfiguring L2/L3 Settings Configuring APs Configuring Trusted PortsRebooting APs Redundancy Configuration Chapter Configuring RedundancyVirtual Router Redundancy Protocol Configuring Local WFS709TP Redundancy Parameter Explanation Expected or Recommended Values Vrrp Parameters for Local WFS709TP RedundancyMaster WFS709TP Redundancy Master-Local WFS709TP Redundancy Association Function Switch IDVrrp Associations Network MasterVlan 1, 2, ... N LayerConfiguring Redundancy 11-7 11-8 Configuring Redundancy Rogue/Interfering AP Detection Configuring Wireless Intrusion ProtectionClassifying APs Enabling AP LearningConfiguring Wireless Intrusion Protection 12-3 AP Classifications Configuring Rogue AP DetectionFIeld Description Configuring Misconfigured AP Protection Misconfigured AP DetectionValid Channel Types 12-6 Configuring Wireless Intrusion Protection Configuring Management Users Chapter Configuring Management UtilitiesField Description Expected/Recommended Value Configuring SnmpSnmp for the WFS709TP Basic WFS709TP Snmp ParametersSNMPv3 User Details Snmp for Access Points Field Description Expected/Recommended Values Basic Access Point Snmp ParametersTraps on page 13-9 for a complete list SNMPv3 Access Point User DetailsConfiguring Management Utilities 13-7 13-8 Configuring Management Utilities Trap Description Priority Level Snmp TrapsWFS709TP Traps WFS709TP Snmp TrapsAccess Point Snmp Traps Access Point/Air Monitor TrapsConfiguring Management Utilities 13-11 WFS709TP Modules Configuring LoggingModule Description Configuring Management Utilities 13-13 Creating Guest Accounts Configuring Management Utilities 13-15 Managing Files on the WFS709TP Server Type ConfigurationServers for File Transfer Backing Up and Restoring the Flash File System Managing Image FilesCopying Other Files Copying Log FilesInstalling a Server Certificate 13-20 Configuring Management Utilities Voice over IP Proxy ARP Chapter Configuring WFS709TP for VoiceBattery Boost Limiting the Number of Active Voice Calls WPA Fast Handover Overview Appendix a Configuring Dhcp with Vendor-Specific OptionsWindows-Based Dhcp Servers Configuring OptionFigure A-1 Figure A-2 Linux Dhcp ServersV1.0, June V1.0, June Window XP Wireless Client Example Configuration Appendix B Windows Client Example Configuration forFigure B-1 V1.0, June Figure B-3 Figure B-4 Figure B-5 Figure B-6 V1.0, June Creating a New Internal Web Appendix C Internal Captive PortalUsername PasswordHtml Head Body Basic Html ExampleDisplaying Authentication Error Message Installing a New Captive PortalV1.0, June Language Customization Head TitlePortal Login/title Replace this with a link like the following Div id=errorbox style=display none V1.0, June Figure C-1shows a sample of a translated Figure C-2 Customizing the WelcomeV1.0, June Customizing the Pop-Up Box Customizing the Logged Out Box V1.0, June Document Link Appendix D Related DocumentsV1.0, May Numbers IndexNetgear FrameMaker Templates for the Reference Print Manual Index Index-3 Index-4