WFS709TP ProSafe Smart Wireless Switch Software Administration Manual

For the WFS709TP to communicate with the authentication server, you must configure the IP address, authentication port, and accounting port of the server on the WFS709TP. The authentication server must be configured with the IP address of the RADIUS client, which here is the WFS709TP. Both the WFS709TP and the authentication server must be configured to use the same shared secret.

As described in Chapter 1, “Overview of the WFS709TP”, the client communicates with the WFS709TP through a Generic Routing Encapsulation (GRE) tunnel in order to form an association with an AP and to authenticate to the network. Therefore, the network authentication and encryption configured for an ESSID must be the same on both the client and the WFS709TP.

“Configuring 802.1x Authentication” on page 7-4 describes 802.1x configuration on the WFS709TP.

Authentication Terminated on WFS709TP

Figure 7-2is an overview of the parameters that you need to configure on 802.1x authentication components when 802.1x authentication is terminated on the WFS709TP (AAA FastConnect). User authentication is performed either via the WFS709TP’s internal database or by a non-802.1x server.

 

 

User

 

 

authentication via

 

 

internal database

 

WFS709TP

or non-802.1x

Client

server

(Autuenticator and

(Supplicant)

 

authentication server)

 

 

 

EAP type = EAP-PEAP Inner EAP = EAP-GTC or EAP- MSCHAPv2

ESSID

Network authentication Data encryption

EAP type = EAP-PEAP Inner EAP = EAP-GTC or EAP- MSCHAPv2

ESSID

Network authentication Data encryption

Figure 7-2

Configuring 802.1x Authentication

7-3

v1.0, June 2007

Page 127
Image 127
NETGEAR WFS709TP-100NAS Authentication Terminated on WFS709TP, User, Internal database, Or non-802.1x, Authentication via