Page 76 / 82 Scroll up to view Page 71 - 75
76
A
A
A
p
p
p
p
p
p
e
e
e
n
n
n
d
d
d
i
i
i
x
x
x
B
B
B
8
8
8
0
0
0
2
2
2
.
.
.
1
1
1
x
x
x
S
S
S
e
e
e
t
t
t
t
t
t
i
i
i
n
n
n
g
g
g
Figure 1: Testing Environment (Use Windows 2000 Radius Server)
1 Equipment Details
PC1 OS:
Microsoft Windows XP Professional without Service Pack 1.
PC2 OS:
Microsoft Windows XP Professional with Service Pack 1a.
Authentication Server
: Windows 2000 RADIUS server with Service Pack 3 and HotFix
Q313664.
Note. Windows 2000 RADIUS server only supports PEAP after upgrade to service pack
3 and HotFix Q313664
(You can get more information from
)
2 DUT
Configuration:
1.Enable DHCP server.
2.WAN setting: static IP address.
3.LAN IP address: 192.168.123.254/24.
4.Set RADIUS server IP.
Page 77 / 82
77
5.Set RADIUS server shared key.
6.Configure WEP key and 802.1X setting.
The following test will use the inbuilt 802.1X authentication method such as ,EAP_TLS,
PEAP_CHAPv2(Windows XP with SP1 only), and PEAP_TLS(Windows XP with SP1 only)
using the Smart Card or other Certificate of the Windows XP Professional.
3. DUT and Windows 2000 Radius Server Setup
3-1-1.
Setup Windows 2000 RADIUS Server
We have to change authentication method to MD5_Challenge or using smart
card or other certificate on RADIUS server according to the test condition.
3-1-2.
Setup DUT
1.Enable the 802.1X (check the “Enable checkbox“).
2.Enter the RADIUS server IP.
3.Enter the shared key. (The key shared by the RADIUS server and DUT).
4.We will change 802.1X encryption key length to fit the variable test
condition.
3-1-3.
Setup Network adapter on PC
1.Choose the IEEE802.1X as the authentication method. (Fig 2)
Note.
Figure 2 is a setting picture of Windows XP without service pack 1. If users
upgrade to service pack 1, then they can’t see MD5-Challenge from EAP
type list any more, but they will get a new Protected EAP (PEAP) option.
2.Choose MD5-Challenge or Smart Card or other Certificate as the EAP
type.
3.If choosing use smart card or the certificate as the EAP type, we select to
use a certificate on this computer. (Fig 3)
4. We will change EAP type to fit the variable test condition.
Page 78 / 82
78
Figure 2: Enable IEEE 802.1X access control
Page 79 / 82
79
Figure 3: Smart card or certificate properties
4. Windows 2000 RADIUS server Authentication testing:
4.1DUT authenticate PC1 using certificate. (PC2 follows the same test procedures.)
1. Download and install the certificate on PC1. (Fig 4)
2. PC1 choose the SSID of DUT as the Access Point.
3. Set authentication type of wireless client and RADIUS server both to
EAP_TLS.
4. Disable the wireless connection and enable again.
5. The DUT will send the user's certificate to the RADIUS server, and then
send the message of authentication result to PC1. (Fig 5)
6. Windows XP will prompt that the authentication process is success or fail
and end the authentication procedure. ( Fig 6)
7. Terminate the test steps when PC1 get dynamic IP and PING remote host
successfully.
Page 80 / 82
80
Figure 4: Certificate information on PC1
Figure 5: Authenticating

Rate

4.5 / 5 based on 2 votes.

Popular LevelOne Models

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top