Filter
Top Products
Unied Access Point Administrator’s Guide
Unied Access Point Administrator’s Guide
Page 52
March 2012
Section 4 - Managing the Access Point
called EAP Encapsulation Over LANs (EAPOL). IEEE 802.1X provides dynamically-generated keys that are
periodically refreshed. An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking
(CRC) of each 802.11 frame.
This mode requires the use of an external RADIUS server to authenticate users. The AP requires a RADIUS server
capable of EAP, such as the Microsoft Internet Authentication Server. To work with Windows clients, the authentication
server must support Protected EAP (PEAP) and MSCHAP V2.
You can use any of a variety of authentication methods that the IEEE 802.1X mode supports, including certicates,
Kerberos, and public key authentication. You must congure the client stations to use the same authentication method
the AP uses.
Figure 24 - Modify Virtual Access Point Settings (IEEE802.1X)
Field Description
Use Global RADIUS
Server Settings
By default each VAP uses the global RADIUS settings that you dene for the AP at the top
of the VAP page. However, you can congure each VAP to use a different set of RADIUS
servers.
To use the global RADIUS server settings, make sure the check box is selected.
To use a separate RADIUS server for the VAP, clear the check box and enter the RADIUS
server IP address and key in the following elds.
RADIUS IP Address
Type
Specify the IP version that the RADIUS server uses.
You can toggle between the address types to congure IPv4 and IPv6 global RADIUS
address settings, but the AP contacts only the RADIUS server or servers for the address
type you select in this eld.
RADIUS IP Address
RADIUS IPv6
Address
Enter the IPv4 or IPv6 address for the primary RADIUS server for this VAP.
If the IPv4 RADIUS IP Address Type option is selected in the previous eld, enter the IP
address of the RADIUS server that all VAPs use by default, for example 192.168.10.23. If
the IPv6 RADIUS IP Address Type option is selected, enter the IPv6 address of the primary
global RADIUS server, for example 2001:0db8:1234::abcd.
RADIUS IP or IPv6
Address 1–3
Enter up to three IPv4 and/or IPv6 addresses to use as the backup RADIUS servers for this
VAP. The eld label is RADIUS IP Address when the IPv4 RADIUS IP Address Type option
is selected and RADIUS IPv6 Address when the IPv6 RADIUS IP Address Type option is
selected.
If authentication fails with the primary server, each congured backup server is tried in
sequence.
RADIUS Key Enter the RADIUS key in the text box.
The RADIUS Key is the shared secret key for the global RADIUS server. You can use up to
63 standard alphanumeric and special characters. The key is case sensitive, and you must
congure the same key on the AP and on your RADIUS server. The text you enter will be
displayed as “*” characters to prevent others from seeing the RADIUS key as you type.
RADIUS Key 1 – 3 Enter the RADIUS key associated with the congured backup RADIUS servers. The server
at RADIUS IP Address-1 uses RADIUS Key-1, RADIUS IP Address-2 uses RADIUS Key-2,
and so on.