Manualshelf

Specifications

ManualsBrandsExtreme Networks ManualsComputer equipmentAltitude 4000 Series
31323334353637383940
Creating the Windows Security Infrastructure
Summit WM Series WLAN Switch and Altitude Access Point Software Version 4.1 Technical Reference Guide
36
Profile, Encryption tab: Clear all other check boxes except the Strongest check box. This forces all
wireless connections to use 128-bit encryption. The settings on the Encryption tab correspond to
the MS-MPPE-Encryption-Policy and MS-MPPE-Encryption-Types RADIUS attributes and might
be supported by the wireless AP. If these attributes are not supported, clear all the check boxes
except No encryption. For more information, see the “Add a remote access policy” procedure in
this section
2 For Windows Server 2003 IAS, use the New Remote Access Policy Wizard to create a common
remote access policy with the following settings:
a Policy name: Wireless access to intranet (example)
b Access Method: Wireless
c User or Group Access: Group with the Wireless Users group selected (example group name)
d Authentication Methods: Smart Card or other Certificate type (for EAP-TLS) or Protected EAP
(PEAP) type (for EAP-MS-CHAP v2)
3 If the wireless APs require vendor specific attributes (VSAs), you must add the VSAs to the remote
access policy. For more information, see the “Configure vendor-specific attributes for a remote access
policy” procedure in this section.
4 For Windows 2000 IAS, delete the default remote access policy named Allow access if dial-in
permission is enabled. To delete a remote access policy, right-click the policy name in the Internet
Authentication Service snap-in and click Delete
Best Practice
If you are managing the remote access permission of user and computer accounts on a per-account
basis, use remote access policies that specify a connection type. If you are managing the remote access
permission through the remote access policy, use remote access policies that specify a connection type
and group. The recommended method is to manage remote access permission through the remote
access policy.
Add a remote access policy
1 Open the Internet Authentication Service snap-in.
2 In the console tree, right-click Remote Access Policies, and then click New Remote Access Policy.
Configure vendor-specific attributes for a remote access policy
1 Open the Internet Authentication Service snap-in.
2 In the console tree, click Remote Access Policies.
3 In the details pane, double-click the policy for which you want to configure a vendor-specific
attribute (VSA).
4 Click Edit Profile, click the Advanced tab, and then click Add.
5 Look at the list to see whether your vendor-specific attribute is already in the list of available
RADIUS attributes. If it is, double-click it, and then configure it as specified in your wireless AP
documentation.
6 If the vendor-specific attribute is not in the list of available RADIUS attributes, click the Vendor-
Specific attribute, and then click Add.
7 In the Multivalued Attribute Information dialog box, click Add