Configuring Access Point Security
Altitude 3500 Series Access Point Product Reference Guide
6 Click the Apply button to return to the WLAN screen to save any changes made within the Kerberos
Configuration field of the New Security Policy screen.
7 Click the Cancel button to undo any changes made within the Kerberos Configuration field and
return to the WLAN screen. This reverts all settings for the Kerberos Configuration field to the last
saved configuration.
Configuring 802.1x EAP Authentication
The IEEE 802.1x standard ties the 802.1x EAP authentication protocol to both wired and wireless LAN
applications.
The EAP process begins when an unauthenticated supplicant (client device) tries to connect with an
authenticator (in this case, the authentication server). The Altitude 35xx passes EAP packets from the
client to an authentication server on the wired side of the Altitude 35xx. All other packet types are
blocked until the authentication server (typically, a RADIUS server) verifies the MU’s identity.
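
The gating behaviour described above, sketched as an added example (not code from this guide or from the access point's firmware). The names PortGate, frame and eapol are hypothetical, the MAC addresses are constructed, and as a simplification the gate infers the result from the EAP Success/Failure message relayed to the client rather than from the RADIUS exchange itself.

```python
import struct

ETH_P_EAPOL = 0x888E              # EtherType for EAP over LAN (802.1X)
ETH_P_IPV4 = 0x0800
EAPOL_EAP_PACKET = 0              # EAPOL type that carries an EAP message
EAP_SUCCESS, EAP_FAILURE = 3, 4   # EAP result codes


def frame(dst, src, ethertype, payload=b""):
    """Build a constructed Ethernet frame for the demo."""
    return dst + src + struct.pack("!H", ethertype) + payload


def eapol(eap_code, ident=1):
    """EAPOL header (version, type, length) wrapping a 4-byte EAP header."""
    eap = struct.pack("!BBH", eap_code, ident, 4)
    return struct.pack("!BBH", 1, EAPOL_EAP_PACKET, len(eap)) + eap


class PortGate:
    """Hypothetical per-client gate: only EAPOL passes until EAP-Success."""

    def __init__(self):
        self.authorized = set()   # MACs of clients the server has verified

    def from_client(self, frm):
        if len(frm) < 14:
            return "drop"
        src, (etype,) = frm[6:12], struct.unpack("!H", frm[12:14])
        if etype == ETH_P_EAPOL:
            return "relay"        # EAP always reaches the authentication server
        return "forward" if src in self.authorized else "drop"

    def to_client(self, frm):
        """Update state from the result relayed back to the client."""
        if len(frm) < 22 or struct.unpack("!H", frm[12:14])[0] != ETH_P_EAPOL:
            return
        if frm[15] != EAPOL_EAP_PACKET:
            return
        dst, code = frm[0:6], frm[18]
        if code == EAP_SUCCESS:
            self.authorized.add(dst)
        elif code == EAP_FAILURE:
            self.authorized.discard(dst)


AP = bytes.fromhex("020000000001")   # constructed MAC addresses
MU = bytes.fromhex("020000000002")
```

Authorization is tracked per client MAC, so one client completing EAP does not open the path for any other client.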
To configure 802.1x EAP authentication on the Altitude 35xx:
1 Select Network Configuration > Wireless > Security from the Altitude 35xx menu tree.
If security policies supporting 802.1x EAP exist, they appear within the Security Configuration screen.
These existing policies can be used as is, or their properties edited by clicking the Edit button. To
configure a new security policy supporting 802.1x EAP, continue to step 2.
2 Click the Create button to configure a new policy supporting 802.1x EAP.
The New Security Policy screen displays with no authentication or encryption options selected.
3 Select the 802.1x EAP radio button.
The 802.1x EAP Settings field displays within the New Security Policy screen.
4 Ensure the Name of the security policy entered suits the intended configuration or function of the
policy.
5 If using the access point’s Internal RADIUS server, leave the Radius Server drop-down menu in the
default setting of Internal. If an external RADIUS server is used, select External from the drop-down
menu.
Primary KDC   Specify a numerical (non-DNS) IP address and port for the
              primary Key Distribution Center (KDC). The KDC implements an
              Authentication Service and a Ticket Granting Service, whereby
              an authorized user is granted a ticket encrypted with the
              user's password. The KDC has a copy of every user password.

Backup KDC    Optionally, specify a numerical (non-DNS) IP address and port
              for a backup KDC. Backup KDCs are referred to as slave
              servers. The slave server periodically synchronizes its
              database with the primary (or master) KDC.

Remote KDC    Optionally, specify a numerical (non-DNS) IP address and port
              for a remote KDC. Kerberos implementations can use an
              administration server allowing remote manipulation of the
              Kerberos database. This administration server usually runs on
              the KDC.

Port          Specify the ports on which the Primary, Backup and Remote KDCs
              reside. The default port number for Kerberos Key Distribution
              Centers is Port 88.