Appendix A: Configuring Security Settings on Wireless Clients
1. Configure the following settings on the Association tab on the Network Properties
dialog.

Association Tab
Network Authentication: WPA
Data Encryption: TKIP or AES depending on how this option is configured on the access point.
Note: When the Cipher Suite on the access point is set to “Both”, then TKIP clients with a
valid TKIP key and AES clients with a valid CCMP (AES) key can associate with the access
point. For more information, see Administrators Guide and Online Help on the access point.

2. Configure these settings on the Authentication tab.

Authentication Tab
Enable IEEE 802.1x authentication for this network: Enable (click to check) this option.
EAP Type: Choose Smart Card or other Certificate.

3. Click Properties to bring up the Smart Card or other Certificate Properties dialog and
enable the “Validate server certificate” option.

Smart Card or other Certificate Properties Dialog
Validate Server Certificate: Enable this option (click to check the box).
Certificates: In the certificate list shown, select the certificate for this client.

4. To complete the client configuration you must now obtain a certificate from the RADIUS
server and install it on this client. For information on how to do this see “Obtaining a
TLS-EAP Certificate for a Client” in this manual.

Click OK on all dialogs to close and save your changes.

Logging on to the Wireless Network with a WPA Client Using a Certificate
WPA clients should now be able to connect to the access point using their TLS
certificates. The certificate you installed is used when you connect, so you will not be
prompted for login information. The certificate is automatically sent to the RADIUS
server for authentication and authorization.
Configuring WPA-PSK Security on a Client
Wi-Fi Protected Access (WPA) with Pre-Shared Key (PSK) is a Wi-Fi Alliance subset
of IEEE 802.11i, which includes Temporal Key Integrity Protocol (TKIP), Advanced
Encryption Algorithm (AES), and Counter mode/CBC-MAC Protocol (CCMP)
mechanisms. PSK employs a pre-shared key for an initial check of client credentials.
If you configured the D-Link DWL-2210AP to use WPA-PSK security mode, then configure
WPA-PSK security on each client as follows.
• Choose WPA-PSK.
• Choose either TKIP or AES for the Data Encryption mode.
• Enter a network key that matches the one specified on the access point (and confirm
by retyping).
Association Tab
Network Authentication: WPA-PSK
Data Encryption: TKIP or AES depending on how this option is configured on the access point.
Note: When the Cipher Suite on the access point is set to “Both”, then TKIP clients with a
valid TKIP key and AES clients with a valid CCMP (AES) key can associate with the access
point. For more information, see Administrators Guide and Online Help on the access point.
Network Key: Provide the key you entered on the access point Security settings for the
cipher suite you are using. For example, if the key on the access point is set to use a
TKIP key of “012345678”, then a TKIP client specifies this same string as the network key.
The key is provided for me automatically: This box should be disabled automatically based
on other settings.

Authentication Tab
Enable IEEE 802.1x authentication for this network: Make sure that IEEE 802.1x
authentication is disabled (unchecked). (Setting the encryption mode to WEP should
automatically disable authentication.)
Click OK on the Wireless Network Properties dialog to close it and save your changes.
Connecting to the Wireless Network with a WPA-PSK Client
WPA-PSK clients should now be able to associate and authenticate with the access
point. As a client, you will not be prompted for a key. The TKIP or AES key you configured
on the client security settings is automatically used when you connect.
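Why the client's network key has to match the access point's exactly, as an added example (not part of the D-Link manual): under IEEE 802.11i both sides map the passphrase to a 256-bit key with the SSID as salt, so a one-character difference gives an unrelated key. The SSID below is an assumed value made up for the demonstration; "012345678" is the example key from this section.

```python
import hashlib
import hmac
import string

def wpa_pmk(network_key: str, ssid: str) -> bytes:
    """Map a WPA-PSK network key to the 256-bit pairwise master key (PMK)."""
    if len(network_key) == 64 and all(c in string.hexdigits for c in network_key):
        # 64 hex digits are taken as the raw 256-bit key; nothing is derived.
        return bytes.fromhex(network_key)
    if not 8 <= len(network_key) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in network_key):
        raise ValueError("passphrase must be printable ASCII")
    # IEEE 802.11i passphrase mapping: PBKDF2-HMAC-SHA1, SSID as salt,
    # 4096 iterations, 32 bytes of output.
    return hashlib.pbkdf2_hmac("sha1", network_key.encode("ascii"),
                               ssid.encode("utf-8"), 4096, dklen=32)

def keys_match(ap_key: str, client_key: str, ssid: str) -> bool:
    """True when AP and client end up with the same PMK for this SSID."""
    return hmac.compare_digest(wpa_pmk(ap_key, ssid), wpa_pmk(client_key, ssid))

SSID = "example-ssid"    # constructed value, not from the manual
AP_KEY = "012345678"     # example key used in this section

if __name__ == "__main__":
    for typed in ("012345678", "012345679", "01234567 "):
        result = "match" if keys_match(AP_KEY, typed, SSID) else "no match"
        print(repr(typed), "->", result)
    # The SSID is the salt, so the same key on another SSID gives another PMK.
    print(wpa_pmk(AP_KEY, SSID) != wpa_pmk(AP_KEY, "other-ssid"))
```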
Configuring an External RADIUS Server to Recognize the D-Link DWL-2210AP
An external Remote Authentication Dial-in User Server (RADIUS) server running on the
network can support EAP-TLS smart card/certificate distribution to clients in a Public
Key Infrastructure (PKI) as well as EAP-PEAP user account setup and authentication. By
external RADIUS server, we mean an authentication server external to the access point
itself. This is to distinguish between the scenario in which you use a network RADIUS
server versus one in which you use the Built-in Authentication Server on the
D-Link DWL-2210AP.
This section provides an example of configuring an external RADIUS server for the
purposes of authenticating and authorizing TLS-EAP certificates from wireless clients
of a particular D-Link DWL-2210AP configured for either “WPA with RADIUS” or “IEEE
802.1x” security modes. The intention of this section is to provide some idea of what
this process will look like; procedures will vary depending on the RADIUS server you
use and how you configure it. For this example, we use the Internet Authentication
Service that comes with Microsoft Windows 2003 server.
The purpose of this procedure is to identify your D-Link DWL-2210AP as a “client” to the
RADIUS server. The RADIUS server can then handle authentication and authorization
of wireless clients for the AP. This procedure is required per access point. If you have
more than one access point with which you plan to use an external RADIUS server,
you need to follow these steps for each of those APs.
Keep in mind that the information you need to provide to the RADIUS server about the
access point corresponds to settings on the access point (Advanced > Security) and
vice versa. You should have already provided the RADIUS server IP Address to the
AP; in the steps that follow you will provide the access point address to the RADIUS
server. The RADIUS Key provided on the AP is the “shared secret” you will provide to
the RADIUS server.
This document does not describe how to set up Administrative users on the RADIUS server.
In this example, we assume you already have RADIUS server user accounts configured.
You will need a RADIUS server user name and password for both this procedure and the
following one that describes how to obtain and install a certificate on the wireless client.
Please consult the documentation for your RADIUS server for information on setting up
user accounts.
The RADIUS server is identified by its IP address and UDP port numbers for the different
services it provides. On the current release of the D-Link DWL-2210AP, the RADIUS server
User Datagram Protocol (UDP) ports used by the access point are not configurable. (The
D-Link DWL-2210AP is hard-coded to use RADIUS server UDP port 1812 for authentication
and port 1813 for accounting.)
1. Log on to the system hosting your RADIUS server and bring up the Internet
Authentication Service.
2. In the left panel, right click on “RADIUS Clients” node and choose New > Radius
Client from the popup menu.
3. On the first screen of the New RADIUS Client wizard provide information about the
D-Link DWL-2210AP to which you want your clients to connect:
• A logical (friendly) name for the access point. (You might want to use DNS name or
location.)