Manuals / NETGEAR / Computer Equipment / Switch

NETGEAR WFS709TP-100NAS manual Determine the Authentication Method, Authentication Methods

Models: WFS709TP-100NAS

1 222

Download 222 pages 54.79 Kb

Page 98

WFS709TP ProSafe Smart Wireless Switch Software Administration Manual

Determine the Authentication Method

A user must authenticate to the system in order to access WLAN resources. Table 5-1describes the types of authentication that you can configure for a WLAN.

Table 5-1. Authentication Methods

Method	Description

None (also called open	This is the default authentication protocol. The client’s identity, in the form of the
system authentication)	media access control (MAC) address of the wireless adapter in the wireless
	client, is passed to the WFS709TP. Essentially, any client requesting access to
	the WLAN is authenticated.

IEEE 802.1x	The IEEE 802.1x authentication standard allows for the use of keys that are
	dynamically generated on a per-user basic (as opposed to a static key that is the
	same on all devices in the network).
	The 802.1x standard requires the use of a RADIUS authentication server. Most
	Lightweight Directory Access Protocol (LDAP) servers do not support 802.1x.

Wi-Fi Protected Access	WPA implements most of the IEEE 802.11i standard. It is designed for use with
(WPA)	an 802.1x authentication server (the Wi-Fi Alliance refers to this mode as WPA-
	Enterprise). WPA uses the Temporal Key Integrity Protocol (TKIP) to dynamically
	change keys and RC4 stream cipher to encrypt data.

WPA in pre-shared key	With WPA-PSK, all clients use the same key (the Wi-Fi Alliance refers to this
(PSK) mode (WPA-PSK)	mode as WPA-Personal).
	In PSK mode, users must enter a passphrase from 8-63 characters to access
	the network. PSK is intended for home and small office networks where
	operating an 802.1x authentication server is not practical.

WPA2	WPA2 implements the full IEEE 802.11i standard. In addition to WPA features,
	WPA2 provides Counter Mode with Cipher Blocking Chaining Message
	Authentication Code Protocol (CCMP) for encryption that uses the Advanced
	Encryption Standard (AES) algorithm. (The Wi-Fi Alliance refers to this mode as
	WPA2-Enterprise.)

WPA2-PSK	WPA2-PSK is WPA2 used in PSK mode, where all clients use the same key.
	(The Wi-Fi Alliance refers to this mode as WPA2-Personal.)

Captive Portal	Captive Portal allows users to authenticate using a web-based portal. Captive
	Portal users can be authenticated to an external authentication server or to the
	internal database on the WFS709TP. Captive Portal authentication does not
	provide any type of data encryption beyond the SSL encryption used during the
	authentication. You can configure WEP encryption or WPA-PSK, or WPA2-PSK
	authentication in conjunction with Captive Portal.

MAC	Allows the media access control (MAC) address of a device to be authenticated
	to an external authentication server or to the internal database on the
	WFS709TP. You can configure MAC authentication in conjunction with WPA-
	PSK or WPA2-PSK authentication.


5-2	Configuring WLANS

v1.0, June 2007

Image 98

NETGEAR WFS709TP-100NAS manual Determine the Authentication Method, Authentication Methods, Method Description

Contents

NETGEAR, Inc Statement of Conditions Technical SupportTrademarks Certificate of the Manufacturer/ImporterEurope United StatesCanada JapanAustralia/New Zealand Lithium Battery Safety NoticeKorea Rest of WorldEuropean Union RoHS China RoHSModel Number Publication Date June Product Family Wireless Product NameProduct and Publication Details Contents Chapter Configuring Network Parameters Chapter Configuring Wlans Chapter Configuring MAC-Based Authentication Appendix a Configuring Dhcp with Vendor-Specific Options Appendix D Related Documents Index About This Manual Conventions, Formats, and ScopeHow to Use This Manual How to Print this ManualRevision History Xvi About This Manual WFS709TP System Components Netgear ProSafe Access PointsChapter Overview of the WFS709TP WFS709TP WFS709TP Data center Automatic RF Channel and Power Settings Wireless clients FloorWiring closet Internet WFS709TP ProSafe Switches RF MonitoringV1.0, June Netgear Wireless APs Local WFS709TP Master WFS709TP WFS709TP SoftwareBasic Wlan Configuration AuthenticationV1.0, June Encryption Encryption Options by Authentication MethodAuthentication Method Encryption Option Vlan Floor Wiring closet Internet Netgear APWireless Client Access to the Wlan Association802.1x Authentication Captive PortalMAC Address Authentication Client Mobility and AP AssociationConfiguring and Managing the WFS709TP V1.0, June Browser Interface Tools Configuration ToolTools Menu DescriptionConfiguration Pages Basic WlanV1.0, June Chapter Deploying a Basic WFS709TP System Configuration OverviewRouter is default gateway for WFS709TP and clients Deployment Scenario #1Deployment Scenario #2 Run the initial setup seeRun the Initial Setup on Deployment Scenario #3 Configuring the WFS709TP Run the Initial Setup V1.0, June Configure the Switch for the Access Points V1.0, June Configure a Vlan for Network Connection Create the VlanConfigure the Trunk Port Configure the Default Gateway Connect the WFS709TP to the NetworkConfigure the Loopback for the WFS709TP Deploying APs Enable APs to Connect to the WFS709TP Enable APs to Obtain IP AddressesLocate the WFS709TP V1.0, June Install APs Provision APsV1.0, June Additional Configuration Creating a Vlan Chapter Configuring Network ParametersConfiguring VLANs Assigning a Static Address to a Vlan To local Configuring a Vlan to Receive a Dynamic AddressCable modem or Bras InternetDNS/WINS Server from Dhcp Default Gateway from DhcpEnabling the Dhcp Client Configuring Static Routes Configuring the Loopback IP Address V1.0, June V1.0, June Chapter RF Plan RF Plan OverviewPlanning Requirements Before You BeginTask Overview Using RF Plan Building Specification Overview Building ListBuilding Dimension V1.0, June AP Modeling Parameters Design Model Radio TypeOverlap Factor Rates AM Modeling ParametersUsers Planning Floors Monitor RatesZoom Floor Editor Dialog Box CoverageCoverage Rate Area Editor Dialog Box V1.0, June Access Point Editor V1.0, June AP Planning InitializeStart Viewing the ResultsAM Planning Exporting and Importing Files Export BuildingsLocate Import BuildingsRF Plan Example Sample BuildingText Box Information Building Planning SpecificationsCreate a Building Model the Access Points Model the Air Monitors Add and Edit a FloorDefining Areas Create a Don’t Care Area Create a Don’t Deploy Area Running the AP Plan Running the AM Plan Click Save V1.0, June Chapter Configuring Wlans Method Description Determine the Authentication MethodAuthentication Methods Authentication Type Authentication Servers Authentication ServerSupported Authentication Servers by Authentication Types Internal DBBasic Wlan Configuration in the Browser Interface Determine the Default VlanV1.0, June Wlan Basic Configuration Parameters Parameter DefinitionExample Configuration Parameter DefinitionV1.0, June Advanced Wlan Configuration in the Browser Interface Configuring Global ParametersConfiguring Location-Specific Parameters Add or Modify SSIDsDefault Ssid Advanced Ssid Configuration SettingsConfigure AP Information V1.0, June Configuring Radio Settings V1.0, June V1.0, June Example Configuration V1.0, June Advantages of Using IRM Channel SettingPower Setting IntelliFi RF ManagementConfiguring IRM V1.0, June V1.0, June Radius Server Configuration Information Chapter Configuring AAA ServersConfiguring an External Radius Server Parameter DescriptionConfiguring AAA Servers Adding Users to the Internal Database Internal Database Entry InformationConfiguring Authentication Timers Logon User LifetimeV1.0, June V1.0, June Chapter Configuring 802.1x Authentication 802.1x AuthenticationNetwork authentication Data encryption Authentication with a Radius ServerAuthentication ClientUser Authentication Terminated on WFS709TPAuthentication via Internal databaseConfiguring 802.1x Authentication Parameter Description Default 802.1x Authentication1x Authentication Browser Interface Page Options Advanced Configuration Options for Advanced Authentication Fields Field Description Default500 Chapter Configuring the Captive Portal Overview of Captive Portal FunctionsConfiguring Captive Portal Configuring Advanced Captive Portal Options Enabled Configuring the AAA Server for Captive Portal Changing the Protocol to HttpPersonalizing the Captive Portal V1.0, June V1.0, June Configuring MAC-Based Authentication Configuring Users V1.0, June V1.0, June Moving to a Multi-Switch Environment Chapter Adding Local WFS709TPsConfiguring L2/L3 Settings Configuring Local WFS709TPsConfiguring the Local WFS709TP Configuring Trusted Ports Configuring APsRebooting APs Virtual Router Redundancy Protocol Chapter Configuring RedundancyRedundancy Configuration Configuring Local WFS709TP Redundancy Vrrp Parameters for Local WFS709TP Redundancy Parameter Explanation Expected or Recommended ValuesMaster WFS709TP Redundancy Vrrp Associations Association Function Switch IDMaster-Local WFS709TP Redundancy Layer MasterVlan 1, 2, ... N NetworkConfiguring Redundancy 11-7 11-8 Configuring Redundancy Configuring Wireless Intrusion Protection Rogue/Interfering AP DetectionEnabling AP Learning Classifying APsConfiguring Wireless Intrusion Protection 12-3 FIeld Description Configuring Rogue AP DetectionAP Classifications Valid Channel Types Misconfigured AP DetectionConfiguring Misconfigured AP Protection 12-6 Configuring Wireless Intrusion Protection Chapter Configuring Management Utilities Configuring Management UsersBasic WFS709TP Snmp Parameters Configuring SnmpSnmp for the WFS709TP Field Description Expected/Recommended ValueSNMPv3 User Details Snmp for Access Points Basic Access Point Snmp Parameters Field Description Expected/Recommended ValuesSNMPv3 Access Point User Details Traps on page 13-9 for a complete listConfiguring Management Utilities 13-7 13-8 Configuring Management Utilities WFS709TP Snmp Traps Snmp TrapsWFS709TP Traps Trap Description Priority LevelAccess Point/Air Monitor Traps Access Point Snmp TrapsConfiguring Management Utilities 13-11 Module Description Configuring LoggingWFS709TP Modules Configuring Management Utilities 13-13 Creating Guest Accounts Configuring Management Utilities 13-15 Servers for File Transfer Server Type ConfigurationManaging Files on the WFS709TP Managing Image Files Backing Up and Restoring the Flash File SystemCopying Log Files Copying Other FilesInstalling a Server Certificate 13-20 Configuring Management Utilities Chapter Configuring WFS709TP for Voice Voice over IP Proxy ARPBattery Boost Limiting the Number of Active Voice Calls WPA Fast Handover Appendix a Configuring Dhcp with Vendor-Specific Options OverviewConfiguring Option Windows-Based Dhcp ServersFigure A-1 Linux Dhcp Servers Figure A-2V1.0, June V1.0, June Appendix B Windows Client Example Configuration for Window XP Wireless Client Example ConfigurationFigure B-1 V1.0, June Figure B-3 Figure B-4 Figure B-5 Figure B-6 V1.0, June Appendix C Internal Captive Portal Creating a New Internal WebPassword UsernameBasic Html Example Html Head BodyInstalling a New Captive Portal Displaying Authentication Error MessageV1.0, June Language Customization Head TitlePortal Login/title Replace this with a link like the following Div id=errorbox style=display none V1.0, June Figure C-1shows a sample of a translated Customizing the Welcome Figure C-2V1.0, June Customizing the Pop-Up Box Customizing the Logged Out Box V1.0, June Appendix D Related Documents Document LinkV1.0, May Index NumbersNetgear FrameMaker Templates for the Reference Print Manual Index Index-3 Index-4