Appendix A: Configuring Security Settings on Wireless Clients
If you configured the D-Link DWL-2210AP to use WPA with RADIUS security mode
and to use either the Built-in Authentication Server or an external RADIUS server that
uses EAP/PEAP . . .
First set up user accounts on the access point (Cluster > User Management). . . .
. . . then configure WPA security with PEAP authentication on each client as follows.
[Figure: client dialog screenshots with the following callouts]
Choose either TKIP or AES for the Data Encryption mode
Choose Protected EAP (PEAP)
Disable (click to uncheck) “Validate server certificate”
Choose “secured password (EAP-MSCHAP v2)” . . . then click “Configure”
Choose WPA
. . . then, click “Properties”
Disable (click to uncheck) option to automatically use Windows logon name and password
1. Configure the following settings on the Association and Authentication tabs on the
Network Properties dialog.

Association Tab
  Network Authentication: WPA
  Data Encryption: TKIP or AES depending on how this option is configured on the access point.
  Note: When the Cipher Suite on the access point is set to “Both”, then TKIP clients
  with a valid TKIP key and AES clients with a valid CCMP (AES) key can associate with
  the access point. For more information, see Administrators Guide and Online Help on
  the access point.

2. Configure this setting on the Authentication tab.

Authentication Tab
  EAP Type: Choose “Protected EAP (PEAP)”

3. Click Properties to bring up the Protected EAP Properties dialog and configure the
following settings.

Protected EAP Properties Dialog
  Validate Server Certificate: Disable this option (click to uncheck the box).
  Note: This example assumes you are using the Built-in Authentication server on the AP.
  If you are setting up EAP/PEAP on a client of an AP that is using an external RADIUS
  server, you might enable certificate validation and choose a certificate, depending on
  your infrastructure.
  Select Authentication Method: Choose “Secured password (EAP-MSCHAP v2)”

4. Click Configure to bring up the EAP MSCHAP v2 Properties dialog.
On this dialog, disable (click to uncheck) the option to “Automatically use my Windows
login name . . .” so that upon login you will be prompted for user name and password.

Click OK on all dialogs (starting with the EAP MSCHAP v2 Properties dialog) to close
and save your changes.

Logging on to the Wireless Network with a WPA PEAP Client
“WPA with RADIUS” PEAP clients should now be able to associate with the access
point. Client users will be prompted for a user name and password to authenticate
with the network.
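
Added example (not part of the D-Link manual): on Windows versions that store these dialog settings as WLAN profile XML (exportable with netsh wlan export profile), the PEAP choices above can be audited across clients. The profile fragments are constructed and trimmed, the element names follow the Windows EAP profile schema as an assumption of this example, and the server name and CA hash are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed EAP section of a WLAN profile that mirrors the PEAP
# settings above (namespaces omitted; matching below is by local tag name).
AS_DOCUMENTED = """<EapHostConfig><Config><Eap><Type>25</Type><EapType>
  <ServerValidation><ServerNames></ServerNames></ServerValidation>
  <Eap><Type>26</Type><EapType>
    <UseWinLogonCredentials>false</UseWinLogonCredentials>
  </EapType></Eap>
  <PeapExtensions>
    <PerformServerValidation>false</PerformServerValidation>
  </PeapExtensions>
</EapType></Eap></Config></EapHostConfig>"""

# Same profile with validation on; server name and CA hash are placeholders.
WITH_VALIDATION = (AS_DOCUMENTED
    .replace("false</Perform", "true</Perform")
    .replace("<ServerNames></ServerNames>",
             "<ServerNames>radius.example.test</ServerNames>"
             "<TrustedRootCA>00 11 22 33</TrustedRootCA>"))

def _texts(root, name):
    """Text of every element whose namespace-stripped tag equals name."""
    return [(e.text or "").strip() for e in root.iter()
            if e.tag.rsplit("}", 1)[-1] == name]

def audit_peap(xml_text):
    """Return findings for one profile; an empty list means none."""
    root = ET.fromstring(xml_text)
    if "25" not in _texts(root, "Type"):          # EAP type 25 = PEAP
        return ["not a PEAP profile"]
    findings = []
    if "true" not in _texts(root, "PerformServerValidation"):
        findings.append("server certificate validation is off")
    if not any(_texts(root, "TrustedRootCA")):
        findings.append("no trusted root CA selected")
    if not any(_texts(root, "ServerNames")):
        findings.append("no RADIUS server name set")
    if "26" in _texts(root, "Type") and \
            "true" in _texts(root, "UseWinLogonCredentials"):
        findings.append("MSCHAPv2 sends Windows logon credentials automatically")
    return findings

if __name__ == "__main__":
    for label, xml_text in (("as documented", AS_DOCUMENTED),
                            ("with validation", WITH_VALIDATION)):
        print(label, "->", audit_peap(xml_text) or "no findings")
```
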
WPA with RADIUS Client Using EAP-TLS Certificate
Extensible Authentication Protocol (EAP) Transport Layer Security (TLS), or EAP-TLS,
is an authentication protocol that supports the use of smart cards and certificates. You
have the option of using EAP-TLS with both WPA with RADIUS and IEEE 802.1x modes
if you have an external RADIUS server on the network to support it.
To use this type of security, you must do the following:
1. Add the D-Link DWL-2210AP to the list of RADIUS server clients. (See
“Configuring an External RADIUS Server to Recognize the D-Link DWL-2210AP” in
this manual.)
2. Configure the D-Link DWL-2210AP to use your RADIUS server (by providing
the RADIUS server IP address as part of the “WPA with RADIUS” security mode
settings).
3. Configure wireless clients to use WPA security and “Smart Card or other
Certificate” as described in this section.
4. Obtain a certificate for this client as described in “Obtaining a TLS-EAP Certificate
for a Client” in this manual.
If you configured the D-Link DWL-2210AP to use WPA with RADIUS security mode
with an external RADIUS server . . .
If you want to use IEEE 802.1x mode with EAP-TLS certificates for authentication and
authorization of clients, you must have an external RADIUS server and a Public Key
Authority Infrastructure (PKI), including a Certificate Authority (CA), server configured
on your network.
It is beyond the scope of this document to describe the configuration of the RADIUS server,
PKI, and CA server. Consult the documentation for those products.
Some good starting points available on the Web for the Microsoft Windows PKI software are:
“How to Install/Uninstall a Public Key Certificate Authority for Windows 2000”
at
and How to Configure a
Certificate Server at
.
. . . then configure WPA security with certificate authentication on each client as shown
on the following page.
[Figure: client dialog screenshots with the following callouts]
Choose WPA
Choose either TKIP or AES for the Data Encryption mode
Choose Smart Card or other certificate and enable “Authenticate as computer when info is available”
Then click “Properties”
Enable (click to check) “Validate server certificate”
Select (check) the name of the certificate on this client (downloaded from RADIUS server in a prerequisite procedure)
