WFS709TP ProSafe Smart Wireless Switch Software Administration Manual
Configuring 802.1x Authentication 7-3
v1.0, June 2007
For the WFS709TP to communicate with the authentication server, you must configure the IP
address, authentication port, and accounting port of the server on the WFS709TP. The
authentication server must be configured with the IP address of the RADIUS client, which here is
the WFS709TP. Both the WFS709TP and the authentication server must be configured to use the
same shared secret.
As described in Chapter 1, “Overview of the WFS709TP”, the client communicates with the
WFS709TP through a Generic Routing Encapsulation (GRE) tunnel in order to form an
association with an AP and to authenticate to the network. Therefore, the network authentication
and encryption configured for an ESSID must be the same on both the client and the WFS709TP.
“Configuring 802.1x Authentication” on page 7-4 describes 802.1x configuration on the
WFS709TP.
Authentication Terminated on WFS709TP
Figure 7-2 is an overview of the parameters that you need to configure on 802.1x authentication
components when 802.1x authentication is terminated on the WFS709TP (AAA FastConnect).
User authentication is performed either via the WFS709TP’s internal database or by a non-802.1x
server.
Figure 7-2
Client
(Supplicant)
User
authentication via
internal database
or non-802.1x
server
ESSID
Network authentication
Data encryption
ESSID
Network authentication
Data encryption
EAP type = EAP-PEAP
Inner EAP = EAP-GTC or
EAP- MSCHAPv2
EAP type = EAP-PEAP
Inner EAP = EAP-GTC or
EAP- MSCHAPv2
WFS709TP
(Autuenticator and
authentication server)
ESSID
Network authentication
Data encryption