• Configuring an External RADIUS Server to Recognize the D-Link DWL-2210AP
• Obtaining a TLS-EAP Certificate for a Client
Network Infrastructure and Choosing Between Built-in or External Authentication Server
Network security configurations including Public Key Infrastructures (PKI), Remote Authentication Dial-in User Server (RADIUS) servers, and Certificate Authority (CA) can vary a great deal from one organization to the next in terms of how they provide Authentication, Authorization, and Accounting (AAA). Ultimately, the particulars of your infrastructure will determine how clients should configure security to access the wireless network. Rather than try to predict and address the details of every possible scenario, this document provides general guidelines about each type of client configuration supported by the D-Link DWL-2210AP.
I Want to Use the Built-in Authentication Server (EAP-PEAP)
If you do not have a RADIUS server or PKI infrastructure in place and/or are unfamiliar with many of these concepts, we strongly recommend setting up the D-Link DWL-2210APs with security that uses the Built-in Authentication Server on the AP. This will mean setting up the AP to use either IEEE 802.1x or WPA with RADIUS security mode. (The built-in authentication server uses EAP-PEAP authentication protocol.)
I Want to Use an External RADIUS Server with EAP-TLS Certificates or EAP-PEAP
We make the assumption that if you have an external RADIUS server and PKI/CA
setup, you will know how to configure client security options appropriate to your security
infrastructure beyond the fundamental suggestions given here. Topics covered here that
particularly relate to client security configuration in a RADIUS - PKI environment are:
• “IEEE 802.1x Client Using EAP/TLS Certificate” in this manual.
• “WPA with RADIUS Client Using EAP-TLS Certificate” in this manual.
• “Configuring an External RADIUS Server to Recognize the D-Link DWL-2210AP” in
this manual.
• “Obtaining a TLS-EAP Certificate for a Client” in this manual.
Details on how to configure an EAP-PEAP client with an external RADIUS server are
not covered in this document.
If the D-Link DWL-2210AP is configured to use WPA with RADIUS mode and the
Built-in Authentication Server, configure wireless clients as described in “WPA with
RADIUS Client Using EAP/PEAP” in this manual.
If the D-Link DWL-2210AP is set up to use IEEE 802.1x mode and the Built-in
Authentication Server, then configure wireless clients as described in “IEEE 802.1x
Client Using EAP/PEAP” in this manual.
Appendix A: Configuring Security Settings on Wireless Clients
Make Sure the Wireless Client Software is Up-to-Date
Before starting out, please keep in mind that service packs, patches, and new releases
of drivers and other supporting technologies for wireless clients are being generated at
a fast pace. A common problem encountered in client security setup is not having the
right driver or updates to it on the client. For example, if you are setting up WPA on the
client, make sure you have a driver installed that supports WPA, which is a relatively
new technology. Even many client cards currently available do not ship from the factory
with the latest drivers.
Accessing the Microsoft Windows Wireless Client Security Settings
Generally, on Windows XP there are two ways to get to the security properties for a wireless client:
1. From the wireless connection icon on the Windows task bar:
• Right-click on the Wireless connection icon in your Windows task bar and select View available wireless networks.
• Select the SSID of the network to which you want to connect and click Advanced to bring up the Wireless Network Connection Properties dialog.
-Or-
1. From the Windows Start menu at the left end of the task bar:
• From the Windows Start menu on the task bar, choose Start > My Network Places to bring up the Network Connections window.
• From the Network Tasks menu on the left, click View Network Connections to bring up the Network Connections window.
• Select the Wireless Network Connection you want to configure, right-mouse click and choose View available wireless networks.
• Select the SSID of the network to which you want to connect and click Advanced to bring up the Wireless Network Connection Properties dialog.
The Wireless Networks tab (which should be automatically displayed) lists Available networks and Preferred networks.
The list of available networks will change depending on client location. Each network (or access point) that is detected by the client shows up in this list. (“Refresh” updates the list with current information.)
For each network you want to connect to, configure security settings on the client to match the security mode being used by that network.
Note: The exception to this is an AP that is configured to prohibit broadcast of its network name; its name will not show on this list. In that case you would need to type in the exact network name to be able to connect to it.
2. From the list of “Available networks”, select the SSID of the network to which you want to connect and click Configure.
This brings up the Wireless Network Connection Properties dialog with the Association and Authentication tabs for the selected network.
Use this dialog for configuring all the different types of client security described in the following sections. Make sure that the Wireless Network Properties dialog you are working in pertains to the Network Name (SSID) for the network you want to reach on the wireless client you are configuring.
Configuring a Client to Access an Unsecure Network (Plain Text mode)
If the access point or wireless network to which you want to connect is configured as
“Plain Text” security mode (no security), you need to configure the client accordingly. A
client using no security to connect is configured with Network Authentication “Open” to
that network and Data Encryption “Disabled” as described below.
If you do have security configured on a client for properties of an unsecure network, the
security settings actually can prevent successful access to the network because of the
mismatch between client and access point security configurations.
To configure the client to not use any security, bring up the client Network Properties
dialog and configure the following settings.
• Set Network Authentication to Open
• Set Data Encryption to Disabled
Association Tab
• Network Authentication: Open
• Data Encryption: Disabled
Configuring Static WEP Security on a Client
Static Wired Equivalent Privacy (WEP) encrypts data moving across a wireless network based on a static (non-changing) key. The encryption algorithm is a “stream” cipher called RC4. The access point uses a key to transmit data to the client stations. Each client must use that same key to decrypt data it receives from the access point. Different clients can use different keys to transmit data to the access point. (Or they can all use the same key, but this is less secure because it means one station can decrypt the data being sent by another.)
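The key-sharing behaviour described above, as an added example that is not part of the D-Link manual: a small Python model of WEP framing, in which each frame is encrypted with RC4 under a 3-byte IV followed by the static key and carries a CRC-32 check value. The key values, IV, station names and the assumption that station B does not hold station A's transmit key are constructed for illustration.

```python
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: the same XOR-with-keystream call both encrypts and decrypts."""
    s, j = list(range(256)), 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                             # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Per-frame RC4 key is IV || static key; the IV is sent in the clear."""
    icv = zlib.crc32(payload).to_bytes(4, "little")   # integrity check value
    return iv + rc4(iv + key, payload + icv)

def wep_decrypt(key: bytes, frame: bytes):
    """Return the payload, or None when the check value fails (wrong key)."""
    if len(frame) < 7:                            # 3-byte IV + 4-byte ICV minimum
        return None
    plain = rc4(frame[:3] + key, frame[3:])
    payload, icv = plain[:-4], plain[-4:]
    return payload if zlib.crc32(payload).to_bytes(4, "little") == icv else None

def who_can_read(frame: bytes, keyrings: dict) -> list:
    """Names of the devices holding a key that decrypts this frame."""
    return sorted(name for name, keys in keyrings.items()
                  if any(wep_decrypt(k, frame) is not None for k in keys))

# Constructed sample values (not from the manual).
AP_KEY = bytes.fromhex("0102030405")      # key the access point transmits with
A_KEY = bytes.fromhex("1112131415")       # station A's own transmit key
IV = bytes.fromhex("a1b2c3")
MSG = b"payroll report"
KEYRINGS = {"access_point": [AP_KEY, A_KEY],
            "station_a": [AP_KEY, A_KEY],
            "station_b": [AP_KEY]}        # assumption: B lacks A's transmit key

if __name__ == "__main__":
    print("A sends with its own key:  ", who_can_read(wep_encrypt(A_KEY, IV, MSG), KEYRINGS))
    print("A sends with the shared key:", who_can_read(wep_encrypt(AP_KEY, IV, MSG), KEYRINGS))
```
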
If you configured the D-Link DWL-2210AP to use Static WEP security mode . . .
