56

1.Enable DHCP server.

2.WAN setting: static IP address.

3.LAN IP address: 192.168.1.254/24.

4.Set RADIUS server IP.

5.Set RADIUS server shared key.

6.Configure WEP key and 802.1X setting.

The

following

test

will

use

the

inbuilt

802.1X

authentication

method

such

as

,EAP_TLS,

PEAP_CHAPv2(Windows XP with SP1 only), and PEAP_TLS(Windows XP with SP1 only) using the Smart

Card or other Certificate of the Windows XP Professional.

3. DUT and Windows 2000 Radius Server Setup

3-1-1. Setup Windows 2000 RADIUS Server

We have to change authentication method to MD5_Challenge or using smart

card or other certificate on RADIUS server according to the test condition.

3-1-2. Setup DUT

1.Enable the 802.1X (check the

“

Enable checkbox

“

).

2.Enter the RADIUS server IP.

3.Enter the shared key. (The key shared by the RADIUS server and DUT).

4.We will change 802.1X encryption key length to fit the variable test

condition.

3-1-3. Setup Network adapter on PC

1.Choose the IEEE802.1X as the authentication method. (Fig 2)

Note.

Figure 2 is a setting picture of Windows XP without service pack 1. If users upgrade to

service pack 1, then they can

’

t see MD5-Challenge from EAP type list any more, but they

will get a new Protected EAP (PEAP) option.

2.Choose MD5-Challenge or Smart Card or other Certificate as the EAP

type.

3.If choosing use smart card or the certificate as the EAP type, we select to

use a certificate on this computer. (Fig 3)

57

4. We will change EAP type to fit the variable test condition.

Figure 2: Enable IEEE 802.1X access control

58

Figure 3: Smart card or certificate properties

4. Windows 2000 RADIUS server Authentication testing:

4.1DUT authenticate PC1 using certificate. (PC2 follows the same test procedures.)

1. Download and install the certificate on PC1. (Fig 4)

2. PC1 choose the SSID of DUT as the Access Point.

3. Set authentication type of wireless client and RADIUS server both to

EAP_TLS.

4. Disable the wireless connection and enable again.

5. The DUT will send the user's certificate to the RADIUS server, and then

send the message of authentication result to PC1. (Fig 5)

6. Windows XP will prompt that the authentication process is success or fail

and end the authentication procedure. ( Fig 6)

7. Terminate the test steps when PC1 get dynamic IP and PING remote host

successfully.

59

Figure 4: Certificate information on PC1

Figure 5: Authenticating

60

Figure 6: Authentication success

4.2

DUT authenticate PC2 using PEAP-TLS.

1. PC2 choose the SSID of DUT as the Access Point.

2. Set authentication type of wireless client and RADIUS server both to

PEAP_TLS.

3. Disable the wireless connection and enable again.

4.The DUT will send the user's certificate to the RADIUS server, and then

send the message of authentication result to PC2.

5. Windows XP will prompt that the authentication process is success or fail

and end the authentication procedure.

6. Terminate the test steps when PC2 get dynamic IP and PING remote host

successfully.

Support Type:

The router supports the types of

802.1x Authentication:

PEAP-CHAPv2 and PEAP-TLS.

Note.

1.PC1 is on Windows XP platform without Service Pack 1.

2.PC2 is on Windows XP platform with Service Pack 1a.

3.PEAP is supported on Windows XP with Service Pack 1 only.

4.Windows XP with Service Pack 1 allows 802.1x authentication only when data encryption function is

enable.