Advanced Configuration
5-1
August 2003
Chapter 5
Advanced Configuration
This chapter describes how to configure the advanced features of your ME103 802.11b ProSafe
Wireless Access Point. These features can be found under the Advanced heading in the main
menu.
Configuring Advanced Security 802.1x Options
For an overview of 802.1x, see
“Understanding 802.1x Port Based Network Access Control” on
page B-9
. The ME103 802.11b ProSafe Wireless Access Point supports these 802.1x options:
•
Key Exchange
. Key exchange (PEAP, EAP-TLS, EAP-TTLS) provides strong security
through mutual authentication and automatic key exchange between the two endpoints.
Periodic updates are performed using public-key cryptography through a certificate server and
a Remote Authentication Dial-In User Service (RADIUS) server.
The ME103 configuration procedures for these options are presented below.
Basic Requirements for 802.1x
802.1x requires these parts:
1.
Authenticator: ME103
2.
Authentication Server - a RADIUS server.
Microsoft Internet Authentication Server (IAS) provides RADIUS functionality. Other
vendors also support RADIUS for 802.1x.
3.
Supplicant - Windows 2000 with the 802.1x client patch applied (SP4 802.1x client) or
Windows XP.
4.
Optionally, the Key Exchange options (PEAP, EAP-TLS, and EAP-TTLS) can take advantage
of a Certificate Authority (CA) such as Windows 2000 server provides. To use
certificate-based authentication, both the RADIUS server and the client need to have a
certificate from a certificate server such as Windows 2000 or a public service such as Verisign.