137
www.gateway.com
Configuring WPA with RADIUS security on a client
Wi-Fi Protected Access (WPA) with Remote Authentication Dial-In User Service (RADIUS)
is a Wi-Fi Alliance subset of IEEE 802.11i, which includes Temporal Key Integrity Protocol
(TKIP), and Counter mode/CBC-MAC Protocol mechanisms. This mode requires the use
of a RADIUS server to authenticate users, and configuration of user accounts on the access
point.
When you configure WPA with RADIUS security mode on the access point, you have a
choice of whether to use the Built-in Authentication Server or an external RADIUS server
that you provide.
The Gateway 7001 AP Built-in Authentication Server supports Protected Extensible
Authentication Protocol (EAP) known as “EAP/PEAP” and Microsoft Challenge Handshake
Authentication Protocol Version 2 (MSCHAP V2), which provides authentication for
point-to-point (PPP) connections between a Windows-based computer and network
devices such as access points.
So, if you configure the network (access point) to use security mode and choose the Built-in
Authentication server, you must configure client stations to use WPA with RADIUS and
EAP/PEAP.
If you configure the network (access point) to use this security mode with an external
RADIUS server, you must configure the client stations to use WPA with RADIUS and
whichever security protocol your RADIUS server is configured to use.
WPA with RADIUS client using EAP/PEAP
The Built-In Authentication Server on the Gateway 7001 AP uses Protected Extensible
Authentication Protocol (EAP) known as “EAP/PEAP”.
■ If you are using the Built-in Authentication server with “WPA with RADIUS” security
mode on the Gateway 7001 AP, then you will need to set up wireless clients to use PEAP.
■ Additionally, you may have an external RADIUS server that uses EAP/PEAP. If so, you
will need to (1) configure the RADIUS server and set up user accounts on it, and (2)
configure your “WPA with RADIUS” wireless clients to use PEAP.
If you configured the Gateway 7001 AP to use WPA with RADIUS security mode and to
use either the built-in authentication server or an external RADIUS server that uses
EAP/PEAP, you must first set up user accounts on the access point (
Cluster > User
Management
), then configure WPA security with PEAP authentication on each client.
Important The following example assumes you are using the Built-in
Authentication server that comes with the Gateway 7001 AP. If you
are setting up EAP/PEAP on a client of an AP that is using an external
RADIUS server, the client configuration process will differ somewhat
from this example, especially with regard to certificate validation.