Allied Telesis AT-TQ2403 Network Card User Manual


 
AT-TQ2403 - Management Software - User's Guide
Network Infrastructure and Choosing Between Built-in or External Authentication Server
Network security configurations including Public Key Infrastructures (PKI), Remote Authentication
Dial-In User Service (RADIUS) servers, and Certificate Authorities (CA) can vary a great deal from one
organization to the next in terms of how they provide Authentication, Authorization, and Accounting
(AAA). Ultimately, the particulars of your infrastructure will determine how clients should configure
security to access the wireless network. Rather than try to predict and address the details of every
possible scenario, this document provides general guidelines about each type of client configuration
supported by the AT-TQ2403 Management Software.
I Want to Use the Built-in Authentication Server (EAP-PEAP)
If you do not have a RADIUS server or PKI infrastructure in place and/or are unfamiliar with many of
these concepts, we strongly recommend setting up the AT-TQ2403 Management Software with security
that uses the Built-in Authentication Server on the AP. This will mean setting up the AP to use either
IEEE 802.1x or WPA/WPA2 Enterprise (RADIUS) security mode. (The built-in authentication server
uses the EAP-PEAP authentication protocol.)
If the AT-TQ2403 Wireless Access Point is set up to use IEEE 802.1x mode and the Built-in
Authentication Server, then configure wireless clients as described in “IEEE 802.1x Client Using
EAP/PEAP”.
If the AT-TQ2403 Wireless Access Point is configured to use WPA/WPA2 Enterprise (RADIUS)
mode and the Built-in Authentication Server, configure wireless clients as described in
“WPA/WPA2 Enterprise (RADIUS) Client Using EAP/PEAP”.
I Want to Use an External RADIUS Server with EAP-TLS Certificates or EAP-PEAP
We make the assumption that if you have an external RADIUS server and PKI/CA setup, you will know
how to configure client security options appropriate to your security infrastructure beyond the
fundamental suggestions given here. Topics covered here that particularly relate to client security
configuration in a RADIUS - PKI environment are:
“IEEE 802.1x Client Using EAP/TLS Certificate”.
“WPA/WPA2 Enterprise (RADIUS) Client Using EAP-TLS Certificate”.
“Configuring an External RADIUS Server to Recognize the AT-TQ2403 Wireless Access Point”.
“Obtaining a TLS-EAP Certificate for a Client”.
Details on how to configure an EAP-PEAP client with an external RADIUS server are not covered in this
document.
Make Sure the Wireless Client Software is Up-to-Date
Before starting out, please keep in mind that service packs, patches, and new releases of drivers and
other supporting technologies for wireless clients are being generated at a fast pace. A common problem
encountered in client security setup is not having the right driver, or the updates to it, on the client. For
example, if you are setting up WPA on the client, make sure you have a driver installed that supports
WPA, which is a relatively new technology. Even many client cards currently available do not ship from
the factory with the latest drivers.