Specifications

Step 3: Configuring the Primary IAS Server
Summit WM20 Technical Reference Guide, Software Version 4.2
differ from the default values provided (1812 and 1645 for authentication and 1813 and 1646 for
accounting), in Authentication and Accounting, type your port settings. To use multiple ports for
authentication or accounting requests, separate the ports with commas.
Add RADIUS clients
1 Open the Internet Authentication Service snap-in.
2 For Windows 2000 IAS, in the console tree, right-click Clients, and then click New Client. For
Windows Server 2003 IAS, in the console tree, right-click RADIUS Clients, and then click New
RADIUS Client.
3 In Friendly name, type a descriptive name.
4 In Protocol, click RADIUS, and then click Next.
5 In Client address (IP or DNS), type the DNS name or IP address for the client. If you are using a
DNS name, click Verify. In the Resolve DNS Name dialog box, click Resolve, and then select the IP
address you want to associate with that name from Search Results.
6 If you are planning to use wireless AP-specific remote access policies for configuration purposes (for
example, a remote access policy that contains vendor-specific attributes), click Client Vendor, and
select the manufacturer’s name. If you do not know the manufacturer or it is not in the list, click
RADIUS Standard.
7 In Shared secret, type the shared secret for the client, and then type it again in Confirm shared
secret.
8 Click Finish.
Best Practices
If possible, use IPsec ESP to provide data confidentiality for RADIUS traffic between the wireless AP
and the IAS servers. Use at least 3DES encryption and, if possible, certificates for Internet Key Exchange
(IKE) main mode authentication.
Use shared secrets that consist of a random sequence of uppercase and lowercase letters, numbers, and
punctuation, at least 22 characters long, and use a different shared secret for each wireless AP. If possible,
use a random string-generating computer program to create the shared secret.
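The shared-secret guidance above, as an added example that is not from the guide: Python code that generates one secret per wireless AP from the operating system's CSPRNG and audits an existing inventory for short, weak, or reused secrets. The AP names, the function names, and the requirement that every character class appears at least once are assumptions of this example.

```python
import secrets
import string

# Character classes named in the guidance: letters in both cases, numbers, punctuation.
CLASSES = {"uppercase": string.ascii_uppercase, "lowercase": string.ascii_lowercase,
           "digit": string.digits, "punctuation": string.punctuation}
ALPHABET = "".join(CLASSES.values())
MIN_LENGTH = 22  # minimum length stated in the guidance
# Constructed inventory (hypothetical AP names): two APs reuse one weak secret.
SAMPLE = {"ap-lobby": "radius123", "ap-floor2": "radius123"}

def missing_classes(secret):
    """Names of the character classes that do not occur in secret."""
    return [name for name, chars in CLASSES.items()
            if not any(c in chars for c in secret)]

def generate_shared_secret(length=MIN_LENGTH):
    """Draw a secret uniformly from ALPHABET using the OS CSPRNG."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Assumed strict reading: every class must appear, so resample if one is absent.
        if not missing_classes(candidate):
            return candidate

def provision(ap_names, length=MIN_LENGTH):
    """Return {ap_name: secret} with a different secret for each AP."""
    issued = {}
    for ap in ap_names:
        secret = generate_shared_secret(length)
        while secret in issued.values():  # collision is improbable; enforce anyway
            secret = generate_shared_secret(length)
        issued[ap] = secret
    return issued

def audit(secrets_by_ap):
    """Return {ap_name: [problems]} for entries that break the guidance."""
    findings = {}
    for ap, secret in secrets_by_ap.items():
        problems = [f"no {name} character" for name in missing_classes(secret)]
        if len(secret) < MIN_LENGTH:
            problems.insert(0, f"shorter than {MIN_LENGTH} characters")
        shared = sorted(o for o, s in secrets_by_ap.items() if s == secret and o != ap)
        if shared:
            problems.append("shared with " + ", ".join(shared))
        if problems:
            findings[ap] = problems
    return findings
```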
Step 3b: Configuring a Wireless Remote Access Policy
To configure a wireless remote access policy for the primary IAS server, do the following:
1 For Windows 2000 IAS, create a new remote access policy for wireless intranet access with the
following settings:
a Policy name: Wireless access to intranet (example)
b Conditions: NAS-Port-Type=Wireless-Other and Wireless-IEEE 802.11, Windows-Groups=WirelessUsers
c Permissions: Select Grant remote access permission.
d Profile, Authentication tab: If you are using EAP-TLS authentication, select Extensible
Authentication Protocol and the Smart Card or other Certificate EAP type. Clear all other check
boxes. If you have multiple computer certificates installed on the IAS server, click Configure, and
then select the appropriate computer certificate. If the intended computer certificate is not
displayed, then it does not support SChannel.