User's Manual

Appendix D Wireless LANs
B222s User’s Guide
RADIUS is a simple package exchange in which your AP acts as a message relay between the
wireless client and the network RADIUS server.
Types of RADIUS Messages
The following types of RADIUS messages are exchanged between the access point and the RADIUS
server for user authentication:
Access-Request
Sent by an access point requesting authentication.
Access-Reject
Sent by a RADIUS server rejecting access.
Access-Accept
Sent by a RADIUS server allowing access.
Access-Challenge
Sent by a RADIUS server requesting more information in order to allow access. The access point
sends a proper response from the user and then sends another Access-Request message.
The following types of RADIUS messages are exchanged between the access point and the RADIUS
server for user accounting:
Accounting-Request
Sent by the access point requesting accounting.
Accounting-Response
Sent by the RADIUS server to indicate that it has started or stopped accounting.
In order to ensure network security, the access point and the RADIUS server use a shared secret
key, which is a password, they both know. The key is not sent over the network. In addition to the
shared key, password information exchanged is also encrypted to protect the network from
unauthorized access.
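The following added example (not part of the original manual) shows how the shared secret protects the exchange without ever being sent, using the User-Password hiding and Response Authenticator calculations from RFC 2865. The function names, the sample secret and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

# RADIUS codes (RFC 2865/2866) for the message types listed above.
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response", 11: "Access-Challenge"}

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """AP side: XOR each 16-byte block with MD5(secret + previous block)."""
    n = max(16, len(password) + (-len(password) % 16))
    padded = password.ljust(n, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, n, 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side: reverse the hiding with the same shared secret."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_reply(code: int, ident: int, req_auth: bytes, secret: bytes,
                attrs: bytes = b"") -> bytes:
    """Server reply; the Response Authenticator proves knowledge of the secret."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(head + req_auth + attrs + secret).digest()
    return head + auth + attrs

def check_reply(packet: bytes, req_auth: bytes, secret: bytes) -> str:
    """AP side: return the message type, or raise if the reply is not genuine."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if len(packet) < 20 or length != len(packet) or code not in CODES:
        raise ValueError("malformed RADIUS packet")
    expect = hashlib.md5(packet[:4] + req_auth + packet[20:] + secret).digest()
    if not hmac.compare_digest(expect, packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    return CODES[code]

# Constructed sample values, not taken from any real deployment.
SECRET = b"example-shared-secret"
REQ_AUTH = os.urandom(16)  # Request Authenticator chosen by the AP
```

Both protections rest entirely on the shared secret, so a long, random secret that is unique per access point matters.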
Types of EAP Authentication
This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and
LEAP. Your wireless LAN device may not support all authentication types.
EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE
802.1x transport mechanism in order to support multiple types of user authentication. By using EAP
to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a
RADIUS server perform authentication.
The type of authentication you use depends on the RADIUS server and the intermediary AP(s) that
support IEEE 802.1x.
For the EAP-TLS authentication type, you must first have a wired connection to the network and obtain
the certificate(s) from a certificate authority (CA). Certificates (also called digital IDs) can be used
to authenticate users, and a CA issues certificates and guarantees the identity of each certificate
owner.