User's Manual
Table Of Contents
- Introduction
- First-Time Installation and Configuration
- Using Web-Based Network Manager
- Appendix A: Default Settings
- Appendix B: Troubleshooting
- Appendix C: Additional Information
wireless client computer and its associated wireless access point. To sum up, EAP-MD5 supports only
user authentication, while EAP-TLS supports user authentication as well as dynamic encryption key
distribution.
RADIUS
Server
Internet
Wireless AP
Wireless AP
User
Database
user authentication
user authentication
IEEE 802.1x-Compliant
Wireless Client
Fig. 56. IEEE 802.1x and RADIUS.
A wireless access point supporting IEEE 802.1x can be configured to communicate with two RA-
DIUS servers. When the primary RADIUS server fails to respond, the wireless access point will try to
communicate with the secondary RADIUS server. The administrator can specify the length of timeout
and the number of retries before communicating with the secondary RADIUS server after failing to
communicate with the primary RADIUS server.
An IEEE 802.1x-capable wireless access point and its RADIUS server(s) share a secret key so that
they can authenticate each other. In addition to its IP address, a wireless access point can identify it-
self by an NAS (Network Access Server) identifier. Each IEEE 802.1x-capable wireless access point
must have a unique NAS identifier.
Fig. 57. IEEE 802.1x/RADIUS settings.
NOTE: This feature is only available for AP interfaces. If the DRBAP is set to be in Bridge Re-
peater mode, the IEEE 802.11, IEEE 802.1x/RADIUS section of the management UI will be hidden
from accessing.
TIP: Refer to the IEEE 802.1x-related white papers on the accompanying CD-ROM for more infor-
36