Specifications

Network Setup 4-27
server on the wired side of the switch. All other packet types are blocked until the authentication server
(typically, a RADIUS server) verifies the MU’s identity.
To configure a 802.1x EAP authentication scheme for a WLAN:
1. Select Network > Wireless LANs from the main menu tree.
2. Select an existing WLAN from those displayed within the Configuration tab and click the Edit button.
A WLAN screen displays with the WLAN’s existing configuration. Refer to the Authentication and
Encryption columns to assess the WLAN’s existing security configuration.
3. Select the 802.1X EAP button from within the Authentication field. The Radius Config...
button on the
bottom of the screen will become enabled. Ensure a primary and optional secondary Radius Server have
been configured to authenticate users requesting access to the EAP 802.1x supported WLAN. For more
information, see Configuring External Radius Server Support on page 4-36.
4. Click the Config button to the right of the 802.1X EAP checkbox.
The 802.1x EAP screen displays.
5. Configure the Advanced field as required to define MU timeout and retry information for the
authentication server.
6. Refer to the Status field for the current state of the requests made from applet. This field displays error
messages if something goes wrong in the transaction between the applet and the switch.
7. Click OK to use the changes to the running configuration and close the dialog.
8. Click Cancel to close the dialog without committing updates to the running configuration.
Configuring Kerboros
Kerberos (designed and developed by MIT) provides strong authentication for client/server applications
using secret-key cryptography. Using Kerberos, a MU must prove its identity to a server (and vice versa)
NOTE: As part of the EAP configuration process, ensure a primary and optional secondary
Radius server have been properly configured to authenticate the users requesting access
to the EAP protected WLAN. For more information on configuring Radius Server support
for the EAP 802.1x WLAN, see Configuring External Radius Server Support on page 4-36.
MU Timeout Define the time (between 1- 60 seconds) for the switch’s retransmission of EAP-Request
packets. The default is 10 seconds.
MU Max Retries Specify the maximum number of times the switch retransmits an EAP-Request frame to the
client before it times out the authentication session. The default is 10 retries.