Manualshelf

Specifications

ManualsBrandsExtreme Networks ManualsComputer equipmentWM200
101102103104105106107108109110
Summit WM Technical Reference Guide, Software Version 5.3 103
EAP-PEAP authentication
EAP-PEAP involves the same three security elements as the EAP-TLS:
Supplicant (AP)
Authenticator
Authentication server
EAP-PEAP consist of two stages:
Establishment of the TLS tunnel in order to prepare a secure channel for the second stage
Authentication based on the challenge response authentication methods
APs support MD5 and MS-CHAPv2 authentication protocols.
Configuring APs for .1X authentication
General configuration
In most cases, APs are deployed in already .1X enabled networks with existing RADIUS servers. In such
cases, APs need to be preconfigured with the proper credentials and authentication methods before
deployment to the access ports. APs are preconfigured by connecting them directly to the Summit WM
Controller and installing the credentials. If network switch and procedures allow, APs can be configured
directly on the access ports with .1X temporary disabled. After installing the credentials, .1X is enabled
on the port.
Configuring APs for .1X supplicant involves installing the proper credentials on the AP and/or
generating the Certificate Signing Request (CSR) for EAP-TLS. After the AP is configured with
credentials and deployed in the network no additional configuration is required. The AP detects the
request for authentication from the AU and using the EAP protocol, negotiates the authentication
method. To avoid prolonged authentication due to mismatched authentication protocols on the AS and
AP, a recommended practice is to configure the AS with the same authentication protocol as the AP.
After credentials are accepted by the AP, the light bulb icon next to the authentication method with
installed credentials (EAP-TLS or EAP-PEAP) is lit on the 802.1X tab. The light bulb icon is lit even if
the AP does not participate in .1X authentication, as long as there are valid credentials installed on the
AP.
Use the Summit WM GUI’s 802.1X tab to configure individual APs. The Summit WM GUI’s 802.1X tab
is available only for AP models that support .1X supplicant feature.
Use the AP 802.1X Multi-edit page to configure multiple APs. The AP 802.1X Multi-edit page only lists
APs that support .1X supplicant feature.
EAP-PEAP configuration
Do the following:
1 Select the AP that you want to configure from the Wireless APs page.
2 Click the 802.1X tab.