Appendix A: Configuring Security Settings on Wireless Clients
IEEE 802.1x Client Using EAP/TLS Certificate
Extensible Authentication Protocol (EAP) Transport Layer Security (TLS), or EAP-TLS, is an authentication protocol that supports the use of smart cards and certificates. You have the option of using EAP-TLS with both WPA with RADIUS and IEEE 802.1x modes if you have an external RADIUS server on the network to support it.
If you want to use IEEE 802.1x mode with EAP-TLS certificates for authentication and authorization of clients, you must have an external RADIUS server and a Public Key Infrastructure (PKI), including a Certificate Authority (CA) server, configured on your network.
It is beyond the scope of this document to describe the configuration of the RADIUS server, PKI, and CA server. Consult the documentation for those products.
Some good starting points available on the Web for the Microsoft Windows PKI software are “How to Install/Uninstall a Public Key Certificate Authority for Windows 2000” and “How to Configure a Certificate Server”.
To use this type of security, you must do the following:
1. Add the D-Link DWL-2210AP to the list of RADIUS server clients. (See
“Configuring an External RADIUS Server to Recognize the D-Link DWL-2210AP” in
this manual.)
2. Configure the D-Link DWL-2210AP to use your RADIUS server (by providing the
RADIUS server IP address as part of the “IEEE 802.1x” security mode settings).
3. Configure wireless clients to use IEEE 802.1x security and “Smart Card or other
Certificate” as described in this section.
4. Obtain a certificate for this client as described in “Obtaining a TLS-EAP Certificate
for a Client” in this manual.
If you configured the D-Link DWL-2210AP to use IEEE 802.1x security mode with an external RADIUS server, then configure IEEE 802.1x security with certificate authentication on each client as follows.
Figure callouts (Network Properties dialog):
• Choose Open
• Choose WEP Data Encryption mode
• Enable auto key option
• Enable (click to check) IEEE 802.1x authentication
• Choose Smart Card/Certificate, then click “Properties”
1. Configure the following settings on the Association tab on the Network Properties dialog.
Association Tab
• Network Authentication: Open
• Data Encryption: WEP
Note: An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking (CRC) of each IEEE 802.11 frame. This is the same encryption algorithm as is used for Static WEP; therefore, the data encryption method configured on the client for this mode is WEP.
• This key is provided for me automatically: Enable (click to check)
2. Configure these settings on the Authentication tab.
Authentication Tab
• Enable IEEE 802.1x authentication for this network: Enable (click to check) this option.
• EAP Type: Choose Smart Card or other Certificate.
Figure callouts (Smart Card or other Certificate Properties dialog):
• Select (check) the name of the certificate on this client (downloaded from the RADIUS server in a prerequisite procedure)
• Enable (click to check) “Validate server certificate.”
3. Click Properties to bring up the Smart Card or other Certificate Properties dialog and enable the “Validate server certificate” option. Click OK on all dialogs to close and save your changes.
4. To complete the client configuration you must now obtain a certificate from the RADIUS
server and install it on this client. For information on how to do this see “Obtaining a
TLS-EAP Certificate for a Client” in this manual.
Connecting to the Wireless Network with an IEEE 802.1x Client Using a Certificate
IEEE 802.1x clients should now be able to connect to the access point using their TLS
certificates. The certificate you installed is used when you connect, so you will not be
prompted for login information. The certificate is automatically sent to the RADIUS
server for authentication and authorization.
Smart Card or other Certificate Properties Dialog
• Validate Server Certificate: Enable this option (click to check the box).
• Certificates: In the certificate list shown, select the certificate for this client.
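The same client settings as a check, added here as an example that is not part of the D-Link manual: a Python audit of wpa_supplicant-style network blocks, assuming a Linux client (the manual itself covers only the Windows dialogs). The SSIDs and file paths are constructed; a profile with no CA certificate configured is the equivalent of leaving “Validate server certificate” unchecked.

```python
import re

# Constructed sample: two wpa_supplicant network blocks (not from the manual).
SAMPLE_CONF = '''
network={
    ssid="office-ap"
    key_mgmt=IEEE8021X
    eap=TLS
    ca_cert="/etc/certs/ca.pem"
    client_cert="/etc/certs/client1.pem"
    private_key="/etc/certs/client1.key"
}
network={
    ssid="lab-ap"
    key_mgmt=IEEE8021X
    eap=TLS
    client_cert="/etc/certs/client2.pem"
    private_key="/etc/certs/client2.key"
}
'''

def parse_networks(text):
    """Return one dict of key -> value per network={...} block."""
    networks = []
    for body in re.findall(r'network=\{(.*?)\}', text, flags=re.S):
        settings = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith('#') or '=' not in line:
                continue
            key, value = line.split('=', 1)
            settings[key.strip()] = value.strip().strip('"')
        networks.append(settings)
    return networks

def audit_eap_tls(settings):
    """List findings for one network meant to use 802.1x or WPA/RADIUS with EAP-TLS."""
    findings = []
    if settings.get('key_mgmt') not in ('IEEE8021X', 'WPA-EAP'):
        findings.append('key_mgmt is not an 802.1x/RADIUS mode')
    if 'TLS' not in settings.get('eap', '').split():
        findings.append('EAP type is not TLS')
    if not (settings.get('ca_cert') or settings.get('ca_path')):
        findings.append('no ca_cert or ca_path: RADIUS server certificate is not validated')
    if not settings.get('client_cert') or not settings.get('private_key'):
        findings.append('client certificate or private key missing')
    return findings

def audit(text):
    return {n.get('ssid', '?'): audit_eap_tls(n) for n in parse_networks(text)}
```

Calling `audit(SAMPLE_CONF)` returns a dict keyed by SSID; an empty list means the profile matches the settings described in this section.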
Configuring WPA with RADIUS Security on a Client
Wi-Fi Protected Access (WPA) with Remote Authentication Dial-In User Service
(RADIUS) is a Wi-Fi Alliance subset of IEEE 802.11i, which includes Temporal Key
Integrity Protocol (TKIP), and Counter mode/CBC-MAC Protocol IEEE. This mode
requires the use of a RADIUS server to authenticate users, and configuration of user
accounts on the access point.
When you configure WPA with RADIUS security mode on the access point, you have
a choice of whether to use the Built-in Authentication Server or an external RADIUS
server that you provide.
The D-Link DWL-2210AP Built-in Authentication Server supports Protected Extensible Authentication Protocol (EAP) known as “EAP/PEAP” and Microsoft Challenge Handshake Authentication Protocol Version 2 (MSCHAP V2), which provides authentication for point-to-point (PPP) connections between a Windows-based computer and network devices such as access points.
So, if you configure the network (access point) to use this security mode and choose the Built-in Authentication server, you must configure client stations to use WPA with RADIUS and EAP/PEAP.
If you configure the network (access point) to use this security mode with an external
RADIUS server, you must configure the client stations to use WPA with RADIUS and
whichever security protocol your RADIUS server is configured to use.
WPA with RADIUS Client Using EAP/PEAP
The Built-In Authentication Server on the D-Link DWL-2210AP uses Protected Extensible Authentication Protocol (EAP) known as “EAP/PEAP”.
• If you are using the Built-in Authentication server with “WPA with RADIUS” security
mode on the D-Link DWL-2210AP, then you will need to set up wireless clients to use
PEAP.
• Additionally, you may have an external RADIUS server that uses EAP/PEAP. If so,
you will need to (1) add the D-Link DWL-2210AP to the list of RADIUS server clients,
and (2) configure your “WPA with RADIUS” wireless clients to use PEAP.
The following example assumes you are using the Built-in Authentication server that
comes with the D-Link DWL-2210AP. If you are setting up EAP/PEAP on a client of
an AP that is using an external RADIUS server, the client configuration process will
differ somewhat from this example especially with regard to certificate validation.