Support User Manuals

Cisco Systems WAP321 Network Card User Manual

Open as PDF

of 179

Wireless

Networks

Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE 80

5

This mode requires the use of an external RADIUS server to authenticate users.

The WAP device requires a RADIUS server that supports EAP, such as the

Microsoft Internet Authentication Server. To work with Microsoft Windows clients,

the authentication server must support Protected EAP (PEAP) and MSCHAP V2.

You can use any of a variety of authentication methods that the IEEE 802.1X mode

supports, including certificates, Kerberos, and public key authentication. You must

configure the client stations to use the same authentication method the WAP

device uses.

These parameters configure Dynamic WEP:

• Use Global RADIUS Server Settings—By default, each VAP uses the

global RADIUS settings that you define for the WAP device (see RADIUS

Server). However, you can configure each VAP to use a different set of

RADIUS servers.

To use the global RADIUS server settings, ensure that the check box is

selected.

To use a separate RADIUS server for the VAP, uncheck the check box and

enter the RADIUS server IP address and key in these fields:

• Server IP Address Type—The IP version that the RADIUS server uses.

You can toggle between the address types to configure IPv4 and IPv6

global RADIUS address settings, but the WAP device contacts only the

RADIUS server or servers for the address type you select in this field.

• Server IP Address 1 or Server IPv6 Address 1—The address for the

primary RADIUS server for this VAP.

When the first wireless client tries to authenticate with the WAP device, the

WAP device sends an authentication request to the primary server. If the

primary server responds to the authentication request, the WAP device

continues to use this RADIUS server as the primary server, and

authentication requests are sent to the address you specify.

The IPv4 address should be in a form similar to xxx.xxx.xxx.xxx (192.0.2.10).

The IPv6 address should be in a form similar to

xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx (2001:DB8::CAD5:7D91).

• Server IP Address 2 to 4 or Server IPv6 Address 2 to 4—Up to three IPv4

or IPv6 backup RADIUS server addresses.

If authentication fails with the primary server, each configured backup

server is tried in sequence.

previous next