Allied Telesis AT-TQ2403 Network Card User Manual


 
AT-TQ2403 Management Software User's Guide
WPA/WPA2 Enterprise (RADIUS) Client Using EAP-TLS Certificate
Extensible Authentication Protocol (EAP) Transport Layer Security (TLS), or EAP-TLS, is an
authentication protocol that supports the use of smart cards and certificates. You have the option of
using EAP-TLS with both WPA/WPA2 Enterprise (RADIUS) and IEEE 802.1x modes if you have an
external RADIUS server on the network to support it.
Note: If you want to use IEEE 802.1x mode with EAP-TLS certificates for authentication and
authorization of clients, you must have an external RADIUS server and a Public Key
Infrastructure (PKI), including a Certificate Authority (CA) server, configured on your network.
Describing the configuration of the RADIUS server, PKI, and CA server is beyond the scope of
this document. Consult the documentation for those products.
Some good starting points available on the Web for the Microsoft Windows PKI software are:
"How to Install/Uninstall a Public Key Certificate Authority for Windows 2000" at
http://support.microsoft.com/default.aspx?scid=kb;EN-US;231881
and "How to Configure a Certificate Server" at
http://support.microsoft.com/default.aspx?scid=kb;en-us;318710#3
To use this type of security, you must do the following:
1. Add the AT-TQ2403 Wireless Access Point to the list of RADIUS server clients. (See “Configuring
an External RADIUS Server to Recognize the AT-TQ2403 Wireless Access Point”.)
2. Configure the AT-TQ2403 Wireless Access Point to use your RADIUS server (by providing the
RADIUS server IP address as part of the "WPA/WPA2 Enterprise [RADIUS]" security mode
settings).
3. Configure wireless clients to use WPA security and "Smart Card or other Certificate" as described
in this section.
4. Obtain a certificate for this client as described in “Obtaining a TLS-EAP Certificate for a Client”.
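For a Linux client that uses wpa_supplicant instead of the Windows "Smart Card or other Certificate" dialog, steps 3 and 4 correspond to a network block like the one below. This is an added example, not part of the Allied Telesis guide; the SSID, identity, file paths, password and server name are placeholder assumptions.

```conf
# wpa_supplicant.conf network block for EAP-TLS (added example).
# Every value and path below is a placeholder, not taken from the guide.
network={
    ssid="example-ssid"               # SSID served by the access point
    key_mgmt=WPA-EAP                  # WPA/WPA2 Enterprise (RADIUS)
    proto=RSN WPA                     # allow WPA2 (RSN) and WPA
    eap=TLS                           # certificate-based EAP method

    identity="client01@example.com"   # outer identity sent to the RADIUS server

    # Client credential issued by your CA (step 4).
    client_cert="/etc/wpa_supplicant/client01.pem"
    private_key="/etc/wpa_supplicant/client01.key"
    private_key_passwd="CHANGE-ME"

    # Server validation: without ca_cert the supplicant does not verify
    # the RADIUS server certificate during the TLS handshake.
    ca_cert="/etc/wpa_supplicant/ca.pem"
    # Accept only a server certificate whose DNS name matches this suffix.
    domain_suffix_match="radius.example.com"
}
```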
If you configured the AT-TQ2403 Wireless Access Point to use WPA/WPA2 Enterprise (RADIUS)
security mode with an external RADIUS server.