Symbol Technologies WS 2000 Switch User Manual


 
Wireless Configuration 5-7
Configuring 802.1x EAP Authentication
The IEEE 802.1x is an authentication standard that ties EAP to both wired and wireless LAN applications. EAP provides
effective authentication with or without IEEE 802.1x Wired Equivalent Privacy (WEP) encryption, or with no encryption at all.
EAP supports multiple authentication measures. It requires that the site have an authentication (Remote Dial-In User
Service, or RADIUS) server on the wired side of the Access Port. All other packet types are blocked until the authentication
server verifies the client’s identity. To set up 802.1x EAP authentication:
1. On the Network Configuration --> Wireless --> <WLAN Name> --> <WLAN Name> Security screen, select the
802.1x EAP radio button to enable the 802.1x Extensible Authentication Protocol (EAP).
2. Click the 802.1x EAP Configuration button to display a sub-screen for specific authentication settings.
3. The administrator is required to specify the Radius Server Address of a primary RADIUS server for this type of
authentication to work. Providing the IP address of a secondary server is optional. The secondary server acts as a
failover server if the switch cannot successfully contact the primary server.
4. Specify the port on which the primary RADIUS server is listening in the Radius Port field. Optionally, specify the port
of a secondary (failover) server. Older RADIUS servers listen on ports 1645 and 1646. Newer servers listen on ports 1812
and 1813. Port 1645 or 1812 is used for authentication. Port 1646 or 1813 is used for accounting. The ISP or a network
administrator can confirm the appropriate primary and secondary port numbers.
5. The administrator can specify a Radius Shared Secret for authentication on the primary RADIUS server. Shared
secrets are used to verify that RADIUS messages (with the exception of the Access-Request message) are sent by a
RADIUS-enabled device that is configured with the same shared secret. The shared secret is a case-sensitive string that
can include letters, numbers, or symbols. Make the shared secret at least 22 characters long to protect the RADIUS
server from brute-force attacks.
Reauthentication Settings
6. Check the Enable Reauthentication checkbox to enable this authentication method.