manual
Use 802.1x Security with AT-WA7400 APs, AT-8624PoE Switches, and Linux’s freeRADIUS and Xsupplicant 3
Configure your Switches
The three AT-8600 Series switches can run a very simple configuration if you are installing a
layer two segment. Because the switches form a ring for a little redundancy, you must enable
RSTP on all three switches.
Enter the following commands on all three switches:
enable stp=default
set stp=default mode=rapid
Configure your RADIUS Server
Your RADIUS server needs to have freeRADIUS and OpenSSL installed. The server also
requires a valid certificate to issue. If your certificate is self-signed, you need to copy the
certificate to the supplicant. This section describes all these elements. Depending on your
distribution and the settings you chose when you installed it, you may already have some or
all of the elements.
You can use the freeRADIUS version packaged with your distribution, or download it from
www.freeradius.org. In this case, we compiled and installed it from source. To install the
downloaded source package, we used the following commands:
[root@server freeradius-1.0.5]# ./configure
[root@server freeradius-1.0.5]# make
[root@server freeradius-1.0.5]# make install
freeRADIUS configuration files will probably be installed to /usr/local/etc/raddb. In that
directory, you need to edit the following files:
• radiusd.conf
• clients.conf
• eap.conf
• users
The following sections show code that the configuration files must include. Your files may
also have other configuration options.
1. Install freeRADIUS unless it is already installed
2. Edit the freeRADIUS configuration files