Specifications

ManualsBrandsAlcatel ManualsComputer equipmentOmniAccess AP61

271

272

273

274

275

276

277

278

279

280

OmniAccess Reference: AOS-W System Reference

254 Part 031652-00 May 2005

z Specifies the EAP type as PEAP

z Clients will not attempt to authenticate as a guest

z Clients will perform computer authentication when a user is not logged in.

Sets up client PEAP properties

z Server certificate will be validated. This option instructs the client to check

the validity of the server certificate from an expiration, identity, and trust

perspective.

z The District-CA certificate authority is the only trusted CA that can issue

server certificates for the wireless network.

z The PEAP “inner authentication” mechanism will be a password through

MS-CHAP v2.

z Fast reconnect has not been enabled on the client. This option can speed

up authentication in some cases.

Sets up the behavior of MS-CHAP v2 within PEAP.

z The user’s Windows logon information will be used for authentication to

the wireless network. This option enables single sign-on, allowing the

same logon to be used for access to the Windows domain as well as the

wireless network.

Microsoft PocketPC 2003 Client Configuration

PocketPC 2003 includes built-in support for wireless networks and 802.1x

authentication. Some PDA vendors, including HP, have also produced system

updates to enable support for WPA and TKIP, assuming the NIC driver also

supports TKIP. This deployment uses dynamically-generated WEP keys, but

has a future upgrade path to WPA/TKIP.

Export Trusted Certification Authority

The first step in enabling 802.1x authentication on PocketPC devices is to

install a trusted certification authority, if required. If the RADIUS server uses a

certificate with a certification path already trusted by the PocketPC devices,

then this step is not necessary. Certificates purchased from large certificate

authorities such as Verisign, for example, will already be trusted by the clients.

If a self-signed certificate is used, the certification path will need to be installed

on the client. To do this, first export the certificate for the root certificate

authority into a standard X.509 file format. This step can be accomplished on

any Windows computer where the trusted certification path has already been

installed. Launch the Microsoft Management Console by selecting

Start > Run,

and entering “mmc” in the box.