The following test will use the inbuilt 802.1X authentication method such as ,EAP_TLS,

PEAP_CHAPv2(Windows XP with SP1 only), and PEAP_TLS(Windows XP with SP1 only) using the

Smart Card or other Certificate of the Windows XP Professional.

DUT and Windows 2000 Radius Server Setup

Setup Windows 2000 RADIUS Server

We have to change authentication method to MD5_Challenge or using smart card or other certificate

on RADIUS server according to the test condition.

Setup DUT

1. Enable the 802.1X (check the “Enable checkbox“).

2. Enter the RADIUS server IP.

3. Enter the shared key. (The key shared by the RADIUS server and DUT).

4. We will change 802.1X encryption key length to fit the variable test condition.

Setup Network adapter on PC

1. Choose the IEEE802.1X as the authentication method. (Fig 2)

2. Choose MD5-Challenge or Smart Card or other Certificate as the EAP type.

3. If choosing use smart card or the certificate as the EAP type, we select to use a certificate on this

computer.

4.

We will change EAP type to fit the variable test condition.

Figure 2 is a setting picture of Windows XP without service pack 1. If users

upgrade to service pack 1, then they can’t see MD5-Challenge from EAP type

list any more, but they will get a new Protected EAP (PEAP) option.

58

Downloaded from

www.Manualslib.com

manuals search engine

Figure 2: Enable IEEE 802.1X access control / Smart card or certificate properties

Windows 2000 RADIUS server Authentication testing:

DUT authenticate PC1 using certificate. (PC2 follows the same test procedures.)

1. Download and install the certificate on PC1. (Fig 4)

2. PC1 chooses the SSID of DUT as the Access Point.

3. Set authentication type of wireless client and RADIUS server both to EAP_TLS.

4. Disable the wireless connection and enable again.

5. The DUT will send the user's certificate to the RADIUS server, and then send the message of

authentication result to PC1. (Fig 5)

6. Windows XP will prompt that the authentication process is success or fail and end the

authentication procedure. ( Fig 6)

7. Terminate the test steps when PC1 get dynamic IP and PING remote host successfully.

Downloaded from

www.Manualslib.com

manuals search engine

Figure 4: Certificate information on PC1

Figure 5: Authenticating

60

Downloaded from

www.Manualslib.com

manuals search engine

Figure 6: Authentication success

DUT authenticate PC2 using PEAP-TLS.

1. PC2 chooses the SSID of DUT as the Access Point.

2. Set authentication type of wireless client and RADIUS server both to PEAP_TLS.

3. Disable the wireless connection and enable again.

4. The DUT will send the user's certificate to the RADIUS server, and then send the message of

authentication result to PC2.

5. Windows XP will prompt that the authentication process is success or fail and end the

authentication procedure.

6. Terminate the test steps when PC2 get dynamic IP and PING remote host successfully.

Support Type: The router supports the types of 802.1x Authentication: PEAP-CHAPv2 and

PEAP-TLS.

1. PC1 is on Windows XP platform without Service Pack 1.

2. PC2 is on Windows XP platform with Service Pack 1a.

3. PEAP is supported on Windows XP with Service Pack 1 only.

4. Windows XP with Service Pack 1 allows 802.1x authentication only when data

encryption function is enable.

Downloaded from

www.Manualslib.com

manuals search engine

Appendix B WPA-PSK and WPA

Wireless Router: LAN IP: 192.168.123.254

WAN IP: 192.168.122.216

Radius Server: 192.168.122.1

User A: XP Wireless Card:Ti-11g

Tool: Odyssey Client Manager

Refer to:

www.funk.com

Download:

Or Another Configuration:

WPA-PSK

In fact, it is not necessary for this function to authenticate by Radius Server, the client and wireless

Router authenticate by them.

62

Downloaded from

www.Manualslib.com

manuals search engine