122
www.gateway.com
■ “Configuring a client to access an unsecure network (plain text mode)” on page 125
■ “Configuring static WEP security on a client” on page 126
■ “Configuring IEEE 802.1x security on a client” on page 129
■ “Configuring WPA with RADIUS security on a client” on page 137
■ “Configuring WPA-PSK security on a client” on page 144
■ “Configuring an external RADIUS server to recognize the Gateway 7001 AP” on
page 146
■ “Obtaining a TLS-EAP certificate for a client” on page 151
Network infrastructure and choosing between built-in
or external authentication server
Network security configurations including Public Key Infrastructures (PKI), Remote
Authentication Dial-in User Server (RADIUS) servers, and Certificate Authority (CA) can vary
a great deal from one organization to the next in terms of how they provide Authentication,
Authorization, and Accounting (AAA). Ultimately, the particulars of your infrastructure will
determine how clients should configure security to access the wireless network. Rather than
try to predict and address the details of every possible scenario, this document provides
general guidelines about each type of client configuration supported by the Gateway 7001
AP.
I want to use the built-in authentication server (EAP-PEAP)
If you do not have a RADIUS server or PKI infrastructure in place or if you are unfamiliar
with many of these concepts, we strongly recommend setting up the Gateway 7001 APs
with security that uses the built-in authentication server on the AP. This will mean setting
up the AP to use either IEEE 802.1x or WPA with RADIUS security mode. (The built-in
authentication server uses EAP-PEAP authentication protocol.)
■ If the Gateway 7001 AP is set up to use IEEE 802.1x mode and the Built-in
Authentication Server, then configure wireless clients as described in “IEEE 802.1x client
using EAP/PEAP” on page 129.
■ If the Gateway 7001 AP is configured to use WPA with RADIUS mode and the Built-in
Authentication Server, configure wireless clients as described in “WPA with RADIUS
client using EAP/PEAP” on page 137.
I want to use an external RADIUS server with EAP-TLS certificates or EAP-PEAP
We make the assumption that if you have an external RADIUS server and PKI/CA setup,
you will know how to configure client security options appropriate to your security
infrastructure beyond the fundamental suggestions given here. Topics covered here that
particularly relate to client security configuration in a RADIUS - PKI environment are: