Specifications

Step 3: Configuring the Primary IAS Server
Summit WM Series WLAN Switch and Altitude Access Point Software Version 4.1 Technical Reference Guide
Add RADIUS clients
1 Open the Internet Authentication Service snap-in.
2 For Windows 2000 IAS, in the console tree, right-click Clients, and then click New Client. For
Windows Server 2003 IAS, in the console tree, right-click RADIUS Clients, and then click New
RADIUS Client.
3 In Friendly name, type a descriptive name.
4 In Protocol, click RADIUS, and then click Next.
5 In Client address (IP or DNS), type the DNS name or IP address for the client. If you are using a
DNS name, click Verify. In the Resolve DNS Name dialog box, click Resolve, and then select the IP
address you want to associate with that name from Search Results.
6 If you are planning to use wireless AP-specific remote access policies for configuration purposes (for
example, a remote access policy that contains vendor-specific attributes), click Client Vendor, and
select the manufacturer’s name. If you do not know the manufacturer or it is not in the list, click
RADIUS Standard.
7 In Shared secret, type the shared secret for the client, and then type it again in Confirm shared
secret.
8 Click Finish.
Best Practices
If possible, use IPsec ESP to provide data confidentiality for RADIUS traffic between the wireless AP
and the IAS servers. Use at least 3DES encryption and, if possible, certificates for Internet Key Exchange
(IKE) main mode authentication.
Use shared secrets that consist of a random sequence of uppercase and lowercase letters, numbers, and
punctuation at least 22 characters long, and use a different shared secret for each wireless AP. If possible,
use a random string-generating computer program to create the shared secret.
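One way to generate shared secrets that meet the guidance above, shown as an added example rather than a tool from this guide: it draws from the operating system's cryptographic random source, enforces the 22-character minimum and all four character classes, and gives each wireless AP its own secret. The function names, the default length of 32, and the AP names are assumptions made for illustration.

```python
import secrets
import string

MIN_LENGTH = 22  # minimum length recommended in the best practice above

# Character classes named in the guidance
CLASSES = (
    string.ascii_uppercase,
    string.ascii_lowercase,
    string.digits,
    string.punctuation,
)
ALPHABET = "".join(CLASSES)


def generate_shared_secret(length: int = 32) -> str:
    """Return a random secret that contains every character class."""
    if length < MIN_LENGTH:
        raise ValueError(f"shared secret must be at least {MIN_LENGTH} characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling: discard and redraw rather than patching characters
        # in, so every valid secret stays equally likely.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def secrets_for_aps(ap_names, length: int = 32) -> dict:
    """Assign a distinct shared secret to each wireless AP (RADIUS client)."""
    if len(set(ap_names)) != len(ap_names):
        raise ValueError("duplicate AP name")
    assigned, used = {}, set()
    for name in ap_names:
        secret = generate_shared_secret(length)
        while secret in used:  # a collision is vanishingly unlikely; checked anyway
            secret = generate_shared_secret(length)
        used.add(secret)
        assigned[name] = secret
    return assigned


if __name__ == "__main__":
    # Constructed AP names, for illustration only
    for ap, secret in secrets_for_aps(["ap-floor1", "ap-floor2", "ap-lobby"]).items():
        print(f"{ap}: {secret}")
```

Enter each generated value in Shared secret and Confirm shared secret for the matching RADIUS client, and configure the same value on that wireless AP.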
Step 3b: Configuring a Wireless Remote Access Policy
To configure a wireless remote access policy for the primary IAS server, do the following:
1 For Windows 2000 IAS, create a new remote access policy for wireless intranet access with the
following settings:
a Policy name: Wireless access to intranet (example)
b Conditions: NAS-Port-Type=Wireless-Other and Wireless-IEEE 802.11, Windows-Groups=WirelessUsers
c Permissions: Select Grant remote access permission.
d Profile, Authentication tab: If you are using EAP-TLS authentication, select Extensible
Authentication Protocol and the Smart Card or other Certificate EAP type. Clear all other check
boxes. If you have multiple computer certificates installed on the IAS server, click Configure, and
then select the appropriate computer certificate. If the intended computer certificate is not
displayed, then it does not support SChannel.
If you are using PEAP-MS-CHAP v2 authentication, select Extensible Authentication Protocol
and the Protected EAP (PEAP) EAP type, and then click Configure. In the Protected EAP
Properties dialog box, select the appropriate computer certificate and ensure that Secured
password (EAP-MSCHAP v2) is selected as the EAP type.