Specifications
OmniAccess Reference: AOS-W System Reference
252 Part 031652-00 May 2005
• The Wireless-Student policy matches the “Student” group.
• The Wireless-Faculty policy matches the “Faculty” group.
• The Wireless-Sysadmin policy matches the “Sysadmin” group.
In addition to matching the group, the policy also specifies that the request
must be from an 802.11 wireless device. The policy above instructs IAS to
grant remote access permission if all the conditions specified in the policy
match, a valid username/password was supplied, and the user’s or computer’s
remote access permission was set to “Allow”.
By clicking Edit Profile in the policy screen above, additional authentication
parameters can be selected. Two such parameters are of interest: the
authentication method, which is common to all policies, and the advanced
attributes, which are different for each policy.
Authentication Methods
To enable 802.1x authentication, an appropriate EAP type must be selected
under the Authentication tab.
The only EAP method that should be selected is Protected EAP (PEAP). By
clicking Edit in the screen above, additional properties for PEAP can be selected.
On this screen, a server certificate must be chosen, and the “inner”
authentication method must be chosen. The list of available certificates is
taken from the computer certificate store on which IAS is running. In this case,
a self-signed certificate was generated by the local certificate authority and
installed on the IAS machine. The local certificate authority has been added as
a trusted certificate authority on each wireless client device, thus allowing this
certificate to be trusted.
The authentication method shown here is MS-CHAP v2. Because password
authentication is being used on this network, this is the only EAP
authentication type that should be selected.
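To make the access decision described above concrete (group and 802.11 conditions, remote access permission set to Allow, PEAP as the only outer method with MS-CHAP v2 inside), here is an added model of how IAS evaluates the three Wireless-* policies against a request; it is illustrative code, not part of the AOS-W reference or of IAS itself. The policy ordering and the request field names (groups, nas_port_type, outer_eap, inner_eap, credentials_valid, dialin_permission) are assumptions; the numeric NAS-Port-Type and EAP type codes are the standard RADIUS/IANA values.

```python
from dataclasses import dataclass

# Standard code points: RFC 2865 NAS-Port-Type values and IANA EAP method types.
NAS_PORT_TYPE_WIRELESS_80211 = 19   # Wireless - IEEE 802.11
NAS_PORT_TYPE_ETHERNET = 15         # only used to build a constructed wired request
EAP_TYPE_PEAP = 25
EAP_TYPE_MSCHAPV2 = 26              # EAP-MSCHAPv2, the PEAP inner method chosen above

@dataclass
class Policy:
    name: str
    group: str                                          # condition: group match
    nas_port_type: int = NAS_PORT_TYPE_WIRELESS_80211   # condition: 802.11 device
    outer_eap: int = EAP_TYPE_PEAP                      # profile: PEAP only
    inner_eap: int = EAP_TYPE_MSCHAPV2                  # profile: MS-CHAP v2 only

# Listed in evaluation order (assumed): the first policy whose conditions match decides.
POLICIES = [
    Policy("Wireless-Student", "Student"),
    Policy("Wireless-Faculty", "Faculty"),
    Policy("Wireless-Sysadmin", "Sysadmin"),
]

def conditions_match(policy, request):
    return (policy.group in request["groups"]
            and request["nas_port_type"] == policy.nas_port_type)

def evaluate(request, policies=POLICIES):
    """Return (decision, reason). The request field names are assumptions."""
    for policy in policies:
        if not conditions_match(policy, request):
            continue
        # Conditions matched, so this policy decides; later policies are not tried.
        if request["dialin_permission"] != "Allow":
            return "Reject", f"{policy.name}: remote access permission is not Allow"
        if (request["outer_eap"], request["inner_eap"]) != (policy.outer_eap, policy.inner_eap):
            return "Reject", f"{policy.name}: EAP method not permitted by the profile"
        if not request["credentials_valid"]:
            return "Reject", f"{policy.name}: MS-CHAP v2 credential check failed"
        return "Accept", f"{policy.name}: conditions, permission and profile satisfied"
    return "Reject", "no remote access policy matched"

def sample_request(groups, nas_port_type=NAS_PORT_TYPE_WIRELESS_80211, outer_eap=EAP_TYPE_PEAP,
                   inner_eap=EAP_TYPE_MSCHAPV2, credentials_valid=True, dialin_permission="Allow"):
    """Build a constructed request dict (not a real RADIUS capture)."""
    return dict(groups=groups, nas_port_type=nas_port_type, outer_eap=outer_eap,
                inner_eap=inner_eap, credentials_valid=credentials_valid,
                dialin_permission=dialin_permission)
```

Note that a request whose group matches but which does not arrive over an 802.11 port (for example a wired request) matches no policy at all and is rejected, which is the intended effect of the wireless condition.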
Fast reconnect can be enabled in this screen also. If fast reconnect is enabled
here and also on client devices, additional time can be saved when multiple
authentications take place (such as when clients are roaming between APs
often) because the server will keep alive the PEAP encrypted tunnel. For this
application, fast reconnect was not desired.