Specifications
6-6 WS2000 Wireless Switch System Reference Guide
ideal choice for networks using legacy EAP authentication methods.
• Tunneled TLS EAP (EAP-TTLS) is similar to EAP-TLS, but the client authentication portion of the
protocol is not performed until after a secure transport tunnel has been established. This allows
EAP-TTLS to protect legacy authentication methods used by some RADIUS servers.
3. If PEAP is selected, specify a Default Auth Type for PEAP to use from the pull-down menu. The options
are GTC and MSCHAP-V2.
• EAP Generic Token Card (GTC) is a challenge handshake authentication protocol that uses a
hardware token card to provide the response string.
• Microsoft CHAP (MSCHAP-V2) is an encrypted authentication method based on Microsoft's
challenge/response authentication protocol.
4. If TTLS is selected, specify a Default Auth Type for TTLS to use from the pull-down menu. The options
are MD5, PAP and MSCHAP-V2.
• Message Digest 5 (MD5) is a secure hash function which converts a long data stream into a
fixed-size digest. The digest is a 128-bit hash value.
• Password Authentication Protocol (PAP) is a protocol where the user sends an identifier and
password pair to the server. This information is sent unencrypted. It is used when a remote server
does not support stronger authentication protocols such as EAP or CHAP.
• Microsoft CHAP (MSCHAP-V2) is an encrypted authentication method based on Microsoft's
challenge/response authentication protocol.
5. If you have a server certificate from a CA and wish to use it on the RADIUS server, select it from this
pull-down menu. Only certificates imported to the switch will be available in the menu. To create a server
certificate, select the Self Certificates screen from Certificate Mgmt in the navigation menu (see
Creating Self Certificates).
6. You can also choose an imported CA Certificate to use on the RADIUS server. If using a server certificate
signed by a CA, you will need to import that CA's root certificate using the CA certificates screen from
the Certificate Mgmt menu. After a valid CA root certificate has been imported, it will be available from
the CA Certificate pull-down menu.
7. DH Param File is required to support Cipher Suite v 0x13 (TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA)
for EAP-TLS/TTLS. If this file does not exist on a WS2000, it is automatically created when the device is
booted up. Use Create DH Param File to create the file as and when required.
8. Use the RADIUS Client Authentication table to set up multiple shared secrets based on the subnet or
host that is trying to authenticate against the RADIUS server. Use the Add button to add entries to the
list.
9. Click Apply to save your changes.
Subnet/Host: This field contains the IP address of the subnet or host that will be authenticating with the
RADIUS server.

Netmask: This field contains the netmask (subnet mask) of the subnet or host that will be
authenticating with the RADIUS server.

Shared Secret: Set a shared secret to be used for each host or subnet that will be authenticating against
the RADIUS server. The shared secret can be up to 7 characters in length.
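
The RADIUS Client Authentication table from step 8 can be modeled offline to check a planned set of entries before entering them. The following is an added example, not code from this guide or from the WS2000: the function names and sample rows are constructed, and the most-specific-match rule for overlapping entries is an assumption, since the guide does not say how the switch resolves them.

```python
import ipaddress

MAX_SECRET_LEN = 7  # limit stated in the guide for the Shared Secret field

# Constructed sample rows: (Subnet/Host, Netmask, Shared Secret)
SAMPLE_TABLE = [
    ("192.168.10.0", "255.255.255.0", "s3cr3tA"),
    ("192.168.10.25", "255.255.255.255", "h0stKey"),
    ("10.0.0.0", "255.0.0.0", "corpKey"),
]


def build_table(rows):
    """Validate rows and return a list of (network, secret) tuples."""
    table = []
    for addr, mask, secret in rows:
        # Rejecting an empty secret is an assumption; the guide only gives the maximum.
        if not secret or len(secret) > MAX_SECRET_LEN:
            raise ValueError(f"shared secret for {addr} must be 1-{MAX_SECRET_LEN} characters")
        # strict=True rejects a non-contiguous netmask or host bits set outside the mask.
        net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=True)
        table.append((net, secret))
    return table


def secret_for(table, client_ip):
    """Return the secret of the most specific entry covering client_ip, or None."""
    ip = ipaddress.IPv4Address(client_ip)
    matches = [(net, sec) for net, sec in table if ip in net]
    if not matches:
        return None  # no entry covers this client, so no secret is configured for it
    # Assumed resolution rule: the longest prefix (narrowest subnet) wins.
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def overlapping_entries(table):
    """List pairs of entries whose ranges overlap but whose secrets differ."""
    found = []
    for i, (net_a, sec_a) in enumerate(table):
        for net_b, sec_b in table[i + 1:]:
            if net_a.overlaps(net_b) and sec_a != sec_b:
                found.append((str(net_a), str(net_b)))
    return found
```

Running `overlapping_entries` over a planned table shows which host entries sit inside a subnet entry with a different secret, which is where a mismatch between the client and the server is most likely to be introduced.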