Security—How to Configure 802.1x EAP Authentication

6. Set the maximum number of retries (Max. Retries) for a client to successfully reauthenticate after failing to complete the EAP process. If the mobile unit fails the authentication process in the specified number of retries, the switch will terminate the connection to the mobile unit.

7. The administrator is required to specify the IP address of a primary RADIUS server for this type of authentication to work. Providing the IP address of a secondary server is optional. The secondary server acts as a failover server if the switch cannot successfully contact the primary server.

8. Specify the port on which the primary RADIUS server is listening in the Radius port field. Optionally, specify the port of a secondary (failover) server. Older RADIUS servers listen on ports 1645 and 1646. Newer servers listen on ports 1812 and 1813. Port 1645 or 1812 is used for authentication. Port 1646 or 1813 is used for accounting. The ISP or a network administrator can confirm the appropriate primary and secondary port numbers.

9. The administrator can specify a Radius shared secret for authentication on the primary RADIUS server. Shared secrets are used to verify that RADIUS messages, with the exception of the Access-Request message, are sent by a RADIUS-enabled device that is configured with the same shared secret. The shared secret is a case-sensitive string that can have letters, numbers, or symbols. Make the shared secret at least 22 characters long to protect the RADIUS server from brute-force attacks.

10. The MU Quiet Period field allows the administrator to specify the idle time (in seconds) between a mobile unit’s authentication attempts, as required by the server.

11. The MU Timeout allows the administrator to specify the time (in seconds) for the mobile unit’s retransmission of EAP-Request packets.

12. The MU Tx Period field allows the administrator to specify the time period (in seconds) for the server’s retransmission of the EAP-Request/Identity frame.

13. The MU Max Retries field allows the administrator to set the maximum number of times for the mobile unit to retransmit an EAP-Request frame to the server before it times out the authentication session. Note that this is a different value from the Max Retry field at the top of the window.

14. The Server Timeout indicates the maximum time (in seconds) that the switch will wait for the server’s transmission of EAP Transmit packets.

15. The Server Max Retries field allows the administrator to set the maximum number of times for the server to retransmit an EAP-Request frame to the client before it times out the authentication session. Note that this is a different value from the Max Retry field at the top of the window.

16. Click the Apply button to save changes.
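
How the shared secret from step 9 verifies a server reply, as an added example that is not part of the original manual or the switch's own code: per RFC 2865 the reply carries a Response Authenticator, an MD5 hash over the packet, the Request Authenticator and the shared secret, which the switch recomputes and compares. The secret, Request Authenticator and attribute bytes are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

MIN_SECRET_LEN = 22   # minimum length recommended in step 9
ACCESS_ACCEPT = 2     # RADIUS packet code (RFC 2865)


def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_response(code, ident, attrs, request_auth, secret):
    """Server side: assemble a reply carrying its Response Authenticator."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs


def verify_response(packet, request_auth, secret):
    """Switch side: accept the reply only if the authenticator matches."""
    if len(packet) < 20:
        return False                      # shorter than a RADIUS header
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False                      # malformed Length field
    received, attrs = packet[4:20], packet[20:length]
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    return hmac.compare_digest(received, expected)


def secret_long_enough(secret):
    """Apply the length guidance from step 9 before saving a secret."""
    return len(secret) >= MIN_SECRET_LEN


# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-Example-secret-0123"
REQUEST_AUTH = bytes(range(16))  # fixed here; real clients send 16 random bytes
REPLY_MSG = b"\x12\x04ok"        # attribute type 18 (Reply-Message), length 4

if __name__ == "__main__":
    pkt = build_response(ACCESS_ACCEPT, 7, REPLY_MSG, REQUEST_AUTH, SECRET)
    print("matching secret:  ", verify_response(pkt, REQUEST_AUTH, SECRET))
    print("mismatched secret:", verify_response(pkt, REQUEST_AUTH, b"other"))
    print("length policy ok: ", secret_long_enough(SECRET))
```

A reply built with a different secret, or altered in transit, fails the comparison and is discarded, which is why the same string must be entered on both the switch and the RADIUS server.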

Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved


WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004

 
