Determine the Authentication Method | NETGEAR WFS709TP-100NAS

WFS709TP ProSafe Smart Wireless Switch Software Administration Manual

Determine the Authentication Method

A user must authenticate to the system in order to access WLAN resources. Table 5-1describes the types of authentication that you can configure for a WLAN.

Table 5-1. Authentication Methods

Method	Description

None (also called open	This is the default authentication protocol. The client’s identity, in the form of the
system authentication)	media access control (MAC) address of the wireless adapter in the wireless
	client, is passed to the WFS709TP. Essentially, any client requesting access to
	the WLAN is authenticated.

IEEE 802.1x	The IEEE 802.1x authentication standard allows for the use of keys that are
	dynamically generated on a per-user basic (as opposed to a static key that is the
	same on all devices in the network).
	The 802.1x standard requires the use of a RADIUS authentication server. Most
	Lightweight Directory Access Protocol (LDAP) servers do not support 802.1x.

Wi-Fi Protected Access	WPA implements most of the IEEE 802.11i standard. It is designed for use with
(WPA)	an 802.1x authentication server (the Wi-Fi Alliance refers to this mode as WPA-
	Enterprise). WPA uses the Temporal Key Integrity Protocol (TKIP) to dynamically
	change keys and RC4 stream cipher to encrypt data.

WPA in pre-shared key	With WPA-PSK, all clients use the same key (the Wi-Fi Alliance refers to this
(PSK) mode (WPA-PSK)	mode as WPA-Personal).
	In PSK mode, users must enter a passphrase from 8-63 characters to access
	the network. PSK is intended for home and small office networks where
	operating an 802.1x authentication server is not practical.

WPA2	WPA2 implements the full IEEE 802.11i standard. In addition to WPA features,
	WPA2 provides Counter Mode with Cipher Blocking Chaining Message
	Authentication Code Protocol (CCMP) for encryption that uses the Advanced
	Encryption Standard (AES) algorithm. (The Wi-Fi Alliance refers to this mode as
	WPA2-Enterprise.)

WPA2-PSK	WPA2-PSK is WPA2 used in PSK mode, where all clients use the same key.
	(The Wi-Fi Alliance refers to this mode as WPA2-Personal.)

Captive Portal	Captive Portal allows users to authenticate using a web-based portal. Captive
	Portal users can be authenticated to an external authentication server or to the
	internal database on the WFS709TP. Captive Portal authentication does not
	provide any type of data encryption beyond the SSL encryption used during the
	authentication. You can configure WEP encryption or WPA-PSK, or WPA2-PSK
	authentication in conjunction with Captive Portal.

MAC	Allows the media access control (MAC) address of a device to be authenticated
	to an external authentication server or to the internal database on the
	WFS709TP. You can configure MAC authentication in conjunction with WPA-
	PSK or WPA2-PSK authentication.


5-2	Configuring WLANS

v1.0, June 2007

Image 98

NETGEAR WFS709TP-100NAS manual Determine the Authentication Method, Authentication Methods, Method Description

Contents

NETGEAR, Inc Statement of Conditions Technical SupportTrademarks Certificate of the Manufacturer/Importer Europe United StatesCanada Japan Australia/New Zealand Lithium Battery Safety NoticeKorea Rest of World European Union RoHS China RoHS Model Number Publication Date June Product Family Wireless Product NameProduct and Publication Details Contents Chapter Configuring Network Parameters Chapter Configuring Wlans Chapter Configuring MAC-Based Authentication Appendix a Configuring Dhcp with Vendor-Specific Options Appendix D Related Documents Index About This Manual Conventions, Formats, and Scope How to Use This Manual How to Print this Manual Revision History Xvi About This Manual WFS709TP System Components Netgear ProSafe Access PointsChapter Overview of the WFS709TP WFS709TP WFS709TP Data center Automatic RF Channel and Power Settings Wireless clients FloorWiring closet Internet WFS709TP ProSafe Switches RF Monitoring V1.0, June Netgear Wireless APs Local WFS709TP Master WFS709TP WFS709TP Software Basic Wlan Configuration Authentication V1.0, June Encryption Encryption Options by Authentication MethodAuthentication Method Encryption Option Vlan Floor Wiring closet Internet Netgear AP Wireless Client Access to the Wlan Association 802.1x Authentication Captive Portal MAC Address Authentication Client Mobility and AP Association Configuring and Managing the WFS709TP V1.0, June Browser Interface Tools Configuration ToolTools Menu Description Configuration Pages Basic Wlan V1.0, June Chapter Deploying a Basic WFS709TP System Configuration OverviewRouter is default gateway for WFS709TP and clients Deployment Scenario #1 Deployment Scenario #2 Run the initial setup seeRun the Initial Setup on Deployment Scenario #3 Configuring the WFS709TP Run the Initial Setup V1.0, June Configure the Switch for the Access Points V1.0, June Configure a Vlan for Network Connection Create the Vlan Configure the Trunk Port Configure the Default Gateway Connect the WFS709TP to the Network Configure the Loopback for the WFS709TP Deploying APs Enable APs to Connect to the WFS709TP Enable APs to Obtain IP Addresses Locate the WFS709TP V1.0, June Install APs Provision APs V1.0, June Additional Configuration Creating a Vlan Chapter Configuring Network ParametersConfiguring VLANs Assigning a Static Address to a Vlan To local Configuring a Vlan to Receive a Dynamic AddressCable modem or Bras Internet DNS/WINS Server from Dhcp Default Gateway from DhcpEnabling the Dhcp Client Configuring Static Routes Configuring the Loopback IP Address V1.0, June V1.0, June Chapter RF Plan RF Plan Overview Planning Requirements Before You BeginTask Overview Using RF Plan Building Specification Overview Building List Building Dimension V1.0, June AP Modeling Parameters Design Model Radio TypeOverlap Factor Rates AM Modeling ParametersUsers Planning Floors Monitor Rates Zoom Floor Editor Dialog Box CoverageCoverage Rate Area Editor Dialog Box V1.0, June Access Point Editor V1.0, June AP Planning Initialize Start Viewing the Results AM Planning Exporting and Importing Files Export Buildings Locate Import Buildings RF Plan Example Sample Building Text Box Information Building Planning SpecificationsCreate a Building Model the Access Points Model the Air Monitors Add and Edit a Floor Defining Areas Create a Don’t Care Area Create a Don’t Deploy Area Running the AP Plan Running the AM Plan Click Save V1.0, June Chapter Configuring Wlans Method Description Determine the Authentication MethodAuthentication Methods Authentication Type Authentication Servers Authentication ServerSupported Authentication Servers by Authentication Types Internal DB Basic Wlan Configuration in the Browser Interface Determine the Default Vlan V1.0, June Wlan Basic Configuration Parameters Parameter Definition Example Configuration Parameter Definition V1.0, June Advanced Wlan Configuration in the Browser Interface Configuring Global Parameters Configuring Location-Specific Parameters Add or Modify SSIDs Default Ssid Advanced Ssid Configuration Settings Configure AP Information V1.0, June Configuring Radio Settings V1.0, June V1.0, June Example Configuration V1.0, June Advantages of Using IRM Channel SettingPower Setting IntelliFi RF Management Configuring IRM V1.0, June V1.0, June Radius Server Configuration Information Chapter Configuring AAA ServersConfiguring an External Radius Server Parameter Description Configuring AAA Servers Adding Users to the Internal Database Internal Database Entry Information Configuring Authentication Timers Logon User Lifetime V1.0, June V1.0, June Chapter Configuring 802.1x Authentication 802.1x Authentication Network authentication Data encryption Authentication with a Radius ServerAuthentication Client User Authentication Terminated on WFS709TPAuthentication via Internal database Configuring 802.1x Authentication Parameter Description Default 802.1x Authentication1x Authentication Browser Interface Page Options Advanced Configuration Options for Advanced Authentication Fields Field Description Default 500 Chapter Configuring the Captive Portal Overview of Captive Portal Functions Configuring Captive Portal Configuring Advanced Captive Portal Options Enabled Configuring the AAA Server for Captive Portal Changing the Protocol to Http Personalizing the Captive Portal V1.0, June V1.0, June Configuring MAC-Based Authentication Configuring Users V1.0, June V1.0, June Moving to a Multi-Switch Environment Chapter Adding Local WFS709TPs Configuring L2/L3 Settings Configuring Local WFS709TPsConfiguring the Local WFS709TP Configuring Trusted Ports Configuring APs Rebooting APs Virtual Router Redundancy Protocol Chapter Configuring RedundancyRedundancy Configuration Configuring Local WFS709TP Redundancy Vrrp Parameters for Local WFS709TP Redundancy Parameter Explanation Expected or Recommended Values Master WFS709TP Redundancy Vrrp Associations Association Function Switch IDMaster-Local WFS709TP Redundancy Layer MasterVlan 1, 2, ... N Network Configuring Redundancy 11-7 11-8 Configuring Redundancy Configuring Wireless Intrusion Protection Rogue/Interfering AP Detection Enabling AP Learning Classifying APs Configuring Wireless Intrusion Protection 12-3 FIeld Description Configuring Rogue AP DetectionAP Classifications Valid Channel Types Misconfigured AP DetectionConfiguring Misconfigured AP Protection 12-6 Configuring Wireless Intrusion Protection Chapter Configuring Management Utilities Configuring Management Users Basic WFS709TP Snmp Parameters Configuring SnmpSnmp for the WFS709TP Field Description Expected/Recommended Value SNMPv3 User Details Snmp for Access Points Basic Access Point Snmp Parameters Field Description Expected/Recommended Values SNMPv3 Access Point User Details Traps on page 13-9 for a complete list Configuring Management Utilities 13-7 13-8 Configuring Management Utilities WFS709TP Snmp Traps Snmp TrapsWFS709TP Traps Trap Description Priority Level Access Point/Air Monitor Traps Access Point Snmp Traps Configuring Management Utilities 13-11 Module Description Configuring LoggingWFS709TP Modules Configuring Management Utilities 13-13 Creating Guest Accounts Configuring Management Utilities 13-15 Servers for File Transfer Server Type ConfigurationManaging Files on the WFS709TP Managing Image Files Backing Up and Restoring the Flash File System Copying Log Files Copying Other Files Installing a Server Certificate 13-20 Configuring Management Utilities Chapter Configuring WFS709TP for Voice Voice over IP Proxy ARP Battery Boost Limiting the Number of Active Voice Calls WPA Fast Handover Appendix a Configuring Dhcp with Vendor-Specific Options Overview Configuring Option Windows-Based Dhcp Servers Figure A-1 Linux Dhcp Servers Figure A-2 V1.0, June V1.0, June Appendix B Windows Client Example Configuration for Window XP Wireless Client Example Configuration Figure B-1 V1.0, June Figure B-3 Figure B-4 Figure B-5 Figure B-6 V1.0, June Appendix C Internal Captive Portal Creating a New Internal Web Password Username Basic Html Example Html Head Body Installing a New Captive Portal Displaying Authentication Error Message V1.0, June Language Customization Head TitlePortal Login/title Replace this with a link like the following Div id=errorbox style=display none V1.0, June Figure C-1shows a sample of a translated Customizing the Welcome Figure C-2 V1.0, June Customizing the Pop-Up Box Customizing the Logged Out Box V1.0, June Appendix D Related Documents Document Link V1.0, May Index Numbers Netgear FrameMaker Templates for the Reference Print Manual Index Index-3 Index-4