User's Manual
Table Of Contents
- Table of Contents
- Introduction
- GO Wireless LAN Pico Base Station (WLP)
- Installation
- Configuring the WLP
- Connect and Access the WLP
- Configuring the Management Connectivity
- Configuring the Device Prompt
- Configuring the Radio Settings
- Configuring Multiple SSIDs
- Deleting an SSID
- Configuring the Mesh Network
- Configuring WDS CPE connection
- Configuring Authentication Types
- Configuring the Radius Client in the WLP
- Configuring Privacy Methods
- Saving the Configuration
- WLP Configuration Example
- Upgrading the WLP Software
- Appendix A: List of Acronyms
- Appendix B: Wiring Specifications
- Page 31 of 38 -
All contents are Copyright © 2006 GO Networks, Inc. All rights reserved.
Configuring Authentication Types
In the most common 802.1X WLAN environments, the WLP units defer to
the Radius server to authenticate users and to support particular EAP
authentication types. The Radius server handles these functions, and
provides crucial authentication and data-protection capabilities according
to the requirements of the EAP authentication type in use. The Radius
client runs on the WLP device and sends authentication requests to a
central Radius server, which contains all user authentication and network
service access information. The Radius server is normally a multi-user
system running Radius server software (such as developed by Microsoft or
other software vendors).
The wireless client device and Radius server on the wired LAN use 802.1x
and EAP to perform mutual authentication through the WLP.
1. The Radius server sends an authentication challenge to the client.
2. The client uses a one-way encryption of the user-supplied password
to generate a response to the challenge and sends that response to
the Radius server.
3. The Radius server receives the encryption response from the client
and compares the response to the information stored in its
database.
When the Radius server authenticates the client, the process repeats in
reverse, and the client authenticates the Radius server.
Configuring the Radius Client in the WLP
Your WLP must be configured to support the Radius server communication.
At a minimum, you must identify the Radius server software and define
the method lists for Radius authentication. Alternatively, you can define
method lists for Radius authorization and accounting.
Identifying the Radius Server
WLP-to-Radius server communication involves several components:
• IP address
• Authentication destination port
• Accounting destination port
• Key string
You should identify the Radius security server’s IP address and specific
UDP port numbers. The combination of the IP address and the UDP port
number creates a unique identifier.
A Radius server and the access point use a shared secret text (key) string
to encrypt passwords and exchange responses.