Manualshelf

Installation guide

ManualsBrandsMotorola ManualsComputer equipmentRFS7000 Series
111112113114115116117118119120
Network Setup
4-34
The 802.1x EAP screen displays.
5. Configure the Advanced field as required to define MU timeout and retry information for the
authentication server.
6. Refer to the Status field for the current state of the requests made from applet. This field displays
error messages if something goes wrong in the transaction between the applet and the switch.
7. Click OK to use the changes to the running configuration and close the dialog.
8. Click Cancel to close the dialog without committing updates to the running configuration.
Configuring Kerboros
Kerberos (designed and developed by MIT) provides strong authentication for client/server applications using
secret-key cryptography. Using Kerberos, a MU must prove its identity to a server (and vice versa) across an
insecure network connection. Once a MU and server prove their identity, they can encrypt all communications
to assure privacy and data integrity. Kerberos can only be used with Motorola clients.
To configure a Kerberos authentication scheme for a WLAN:
1. Select Network > Wireless LANs from the main menu tree.
2. Select an existing WLAN from those displayed within the Configuration tab.
3. Click the Edit button.
A WLAN screen displays with the WLAN’s existing configuration. Refer to the Authentication and
Encryption columns to assess the WLAN’s existing security configuration.
4. Select the Kerberos button from within the Authentication field.
MU Timeout Define an interval (between 1- 300 seconds) for the switch’s
retransmission of EAP-Request packets. The default is 5 seconds.
MU Max Retries Specify the maximum number of times the switch retransmits an
EAP-Request frame to the client before it times out the
authentication session. The default is 3 retries, with a maximum of
100 supported.
CAUTION Kerberos makes no provisions for host security. Kerberos assumes it is running
on a trusted host within an untrusted network. If host security is compromised,
Kerberos is compromised as well.
NOTE Kerberos requires at least one encryption scheme be enabled (WEP 128 or other). If
neither WEP 128 or KeyGuard is enabled, WEP 128 will automatically be enabled
for use with Kerberos.
!