WS 2000 Wireless Switch System Reference Guide 5-8
7. In the Period field, set the EAP reauthentication period to match the appropriate level of security. A shorter time interval
(~30 seconds or longer) provides tighter security on this WLAN’s wireless connections. A longer interval (5000-9999
seconds) relaxes security on wireless connections. The reauthentication period setting does not affect a wireless
connection’s throughput. The engaged Access Port continues to forward traffic during the reauthentication process.
8. In the Max. Retries field, set the maximum number of retries for a client to successfully reauthenticate after failing to
complete the EAP process. If the mobile unit fails the authentication process in the specified number of retries, the switch
will terminate the connection to the mobile unit.
Advanced Settings
9. The MU Quiet Period field allows the administrator to specify the idle time (in seconds) between a mobile unit’s
authentication attempts, as required by the server.
10. The MU Timeout field allows the administrator to specify the time (in seconds) for the mobile unit’s retransmission of
EAP-Request packets.
11. The MU Tx Period field allows the administrator to specify the time period (in seconds) for the server’s retransmission
of the EAP-Request/Identity frame.
12. The MU Max Retries field allows the administrator to set the maximum number of times for the mobile unit to
retransmit an EAP-Request frame to the server before it times out the authentication session. Note that this is a
different value from the Max. Retries field at the top of the window.
13. The Server Timeout field indicates the maximum time (in seconds) that the switch will wait for the server’s
transmission of EAP Transmit packets.
14. The Server Max Retries field allows the administrator to set the maximum number of times for the server to
retransmit an EAP-Request frame to the client before it times out the authentication session. Note that this is a different
value from the Max. Retries field at the top of the window.
Note: There is a known bug that can cause RADIUS authentication to fail when the Server Max Retries setting is changed
to anything other than the default value.
RADIUS Client Accounting and Syslog Setup
15. RADIUS accounting allows for the delivery of accounting packets from a Network Access Server (NAS) to the RADIUS
accounting server where the information is stored. To enable this feature, click the Enable Accounting box.
16. If accounting is enabled, use the MU Timeout field to enter the maximum amount of time a client will wait for an
acknowledgement from the RADIUS accounting server before resending the accounting packet. In the Retries field, enter
the maximum number of times the client will resend the accounting packet to the RADIUS accounting server before
giving up.
17. To enable 802.1x EAP message logging to an external Syslog server, check the Enable Syslog box and then specify the
IP address of the syslog server in the Syslog Server IP field.
18. Click the Ok button to save changes.
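The acknowledgement and resend behaviour configured in steps 15 and 16, shown as an added example that is not part of this guide or the switch's firmware: it builds an Accounting-Request and its Accounting-Response as RFC 2866 defines them and resends until a valid acknowledgement arrives. The shared secret, user name, session ID and the transport callback are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCT_REQUEST, ACCT_RESPONSE = 4, 5             # RFC 2866 packet codes
USER_NAME, ACCT_STATUS_TYPE, ACCT_SESSION_ID = 1, 40, 44
SECRET = b"constructed-shared-secret"          # constructed sample value
ZERO_AUTH = b"\x00" * 16

def attr(attr_type, value):
    """Encode one attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build(code, ident, attrs, seed_auth, secret):
    """Authenticator = MD5(Code + ID + Length + seed + attributes + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + seed_auth + attrs + secret).digest()
    return header + auth + attrs

def accounting_request(ident, user, session_id, secret=SECRET):
    attrs = (attr(USER_NAME, user)
             + attr(ACCT_STATUS_TYPE, struct.pack("!I", 1))   # 1 = Start
             + attr(ACCT_SESSION_ID, session_id))
    return build(ACCT_REQUEST, ident, attrs, ZERO_AUTH, secret)

def request_is_authentic(packet, secret=SECRET):
    """Accounting server side: recompute the Request Authenticator."""
    if len(packet) < 20 or packet[0] != ACCT_REQUEST:
        return False
    expected = build(packet[0], packet[1], packet[20:], ZERO_AUTH, secret)
    return hmac.compare_digest(expected, packet)

def accounting_response(request, secret=SECRET):
    """Server side: acknowledgement bound to the request's authenticator."""
    return build(ACCT_RESPONSE, request[1], b"", request[4:20], secret)

def response_acknowledges(request, response, secret=SECRET):
    """Client side: accept only a reply for this Identifier and request."""
    if len(response) < 20 or response[0] != ACCT_RESPONSE or response[1] != request[1]:
        return False
    expected = build(ACCT_RESPONSE, response[1], response[20:], request[4:20], secret)
    return hmac.compare_digest(expected, response)

def send_with_retries(request, transport, retries):
    """Resend up to `retries` times; `transport` (hypothetical callback)
    returns reply bytes, or None when the timeout expires."""
    for attempt in range(1 + retries):
        reply = transport(request)
        if reply is not None and response_acknowledges(request, reply):
            return attempt + 1          # number of transmissions used
    return None                         # gave up: no valid acknowledgement
```

A reply computed with the wrong shared secret or for a different Identifier is treated the same as a timeout, so it consumes a retry rather than ending the exchange.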
Configuring Kerberos Authentication
Kerberos provides a strong authentication method for client/server applications by using secret-key cryptography. Using this
protocol, a client can prove their identity to a server (and vice versa) across an insecure network connection. After a client
and server use Kerberos to prove their identity, they can encrypt all communications to assure privacy and data integrity.
1. Select the Kerberos radio button to enable Kerberos authentication.