<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML ><HEAD ><TITLE >Authenticator: Setting up the Authenticator (Access Point)</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK REL="HOME" TITLE="802.1X Port-Based Authentication HOWTO" HREF="index.html"><LINK REL="PREVIOUS" TITLE="Supplicant: Setting up Xsupplicant" HREF="xsupplicant.html"><LINK REL="NEXT" TITLE="Testbed" HREF="testbed.html"></HEAD >
<BODY CLASS="sect1" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" >
<DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >802.1X Port-Based Authentication HOWTO</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="xsupplicant.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" ></TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="testbed.html" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV >
<DIV CLASS="sect1" ><H1 CLASS="sect1" ><A NAME="authenticator" ></A >5. Authenticator: Setting up the Authenticator (Access Point)</H1 >
<P > During the authentication process, the Authenticator just relays all messages between the Supplicant and the Authentication Server (RADIUS). EAPOL is used between the Supplicant and the Authenticator, and UDP is used between the Authenticator and the Authentication Server. </P >
<DIV CLASS="sect2" ><H2 CLASS="sect2" ><A NAME="AP" ></A >5.1. Access Point</H2 >
<P > Many access points support 802.1X (and RADIUS) authentication. The access point must first be configured to use 802.1X authentication.
</P >
<DIV CLASS="note" ><P ></P ><TABLE CLASS="note" WIDTH="100%" BORDER="0" ><TR ><TD WIDTH="25" ALIGN="CENTER" VALIGN="TOP" ><IMG SRC="../images/note.gif" HSPACE="5" ALT="Note"></TD ><TD ALIGN="LEFT" VALIGN="TOP" ><P > <EM >Configuring and setting up 802.1X on the AP may differ between vendors.</EM > Listed below are the settings required to make a Cisco AP350 work. Other settings, such as TKIP and CCMP, may also be configured. </P ></TD ></TR ></TABLE ></DIV >
<P > The AP must set the ESSID to <SPAN CLASS="QUOTE" >"testnet"</SPAN > and must activate: </P >
<DIV CLASS="mediaobject" ><P ><IMG SRC="images/8021X-CiscoAP.png" ALIGN="center" WIDTH="599"><DIV CLASS="caption" ><P >Figure AP350: The RADIUS configuration screen for a Cisco AP-350</P ></DIV ></P ></DIV >
<P ></P >
<UL >
<LI ><P > <EM >802.1X-2001:</EM > Make sure the 802.1X Protocol version is set to <SPAN CLASS="QUOTE" >"802.1X-2001"</SPAN >. Some older Access Points support only the draft version of the 802.1X standard (and may therefore not work). </P ></LI >
<LI ><P > <EM >RADIUS Server:</EM > The name or IP address of the RADIUS server, and the shared secret between the RADIUS server and the Access Point (which in this document is "SharedSecret99"). See figure <A HREF="authenticator.html#ciscoAP" >AP350</A >. </P ></LI >
<LI ><P > <EM >EAP Authentication:</EM > The RADIUS server should be used for EAP authentication. </P ></LI >
</UL >
<DIV CLASS="mediaobject" ><P ><IMG SRC="images/8021X-CiscoAP2.png" ALIGN="center" WIDTH="604"><DIV CLASS="caption" ><P >Figure AP350-2: The Encryption configuration screen for a Cisco AP-350</P ></DIV ></P ></DIV >
<P ></P >
<UL >
<LI ><P > <EM >Full Encryption</EM > to allow only encrypted traffic. Note that 802.1X may be used without encryption, which is convenient for testing. </P ></LI >
<LI ><P > <EM >Open Authentication</EM > to make the Supplicant associate with the Access Point before encryption keys are available.
Once the association is done, the Supplicant may start EAP authentication. </P ></LI >
<LI ><P > <EM >Require EAP</EM > for the <SPAN CLASS="QUOTE" >"Open Authentication"</SPAN >. This ensures that only authenticated users are allowed into the network. </P ></LI >
</UL >
</DIV >
<DIV CLASS="sect2" ><H2 CLASS="sect2" ><A NAME="LinuxAP" ></A >5.2. Linux Authenticator</H2 >
<P > An ordinary Linux node can be set up to function as a wireless Access Point and Authenticator. How to set up and use Linux as an AP is beyond the scope of this document. Simon Anderson's <A HREF="http://oob.freeshell.org/nzwireless/LWAP-HOWTO.html" TARGET="_top" >Linux Wireless Access Point HOWTO</A > may serve as a guide. </P >
</DIV >
</DIV >
</BODY ></HTML >
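The relay described in section 5, as an added example that is not part of the original HOWTO: it strips the EAPOL header from a Supplicant frame, carries the EAP packet unchanged in a RADIUS Access-Request, and protects it with a Message-Authenticator keyed with the shared secret. The function names and the identity "testuser" are constructed for illustration; the attribute numbers and packet layouts follow the RADIUS and EAPOL specifications.

```python
import hashlib, hmac, os, struct

SHARED_SECRET = b"SharedSecret99"   # the secret this HOWTO configures on the AP
USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80   # RADIUS attribute types

def eap_identity_response(ident, identity):
    """EAP Response (code 2) of type Identity (1), as a Supplicant sends it."""
    return struct.pack("!BBHB", 2, ident, 5 + len(identity), 1) + identity

def eapol_wrap(eap):
    """EAPOL header: version 1 (802.1X-2001), type 0 (EAP-Packet), body length."""
    return struct.pack("!BBH", 1, 0, len(eap)) + eap

def eapol_unwrap(frame):
    if len(frame) < 4 or frame[1] != 0:
        raise ValueError("not an EAPOL EAP-Packet")
    length = struct.unpack("!H", frame[2:4])[0]
    if length > len(frame) - 4:
        raise ValueError("truncated EAPOL body")
    return frame[4:4 + length]

def attr(kind, value):
    return struct.pack("!BB", kind, len(value) + 2) + value

def relay_to_radius(frame, secret, radius_id):
    """Authenticator: EAPOL frame in, RADIUS Access-Request (code 1) out."""
    eap = eapol_unwrap(frame)
    # An attribute value holds at most 253 bytes, so long EAP packets are split.
    chunks = b"".join(attr(EAP_MESSAGE, eap[i:i + 253]) for i in range(0, len(eap), 253))
    # User-Name is taken from the payload; assumes an EAP Identity response.
    attrs = attr(USER_NAME, eap[5:]) + chunks + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    packet = struct.pack("!BBH", 1, radius_id, 20 + len(attrs)) + os.urandom(16) + attrs
    # HMAC-MD5 over the whole packet, computed while the attribute value is zero.
    return packet[:-16] + hmac.new(secret, packet, hashlib.md5).digest()

def radius_attributes(packet):
    """Return (type, value) pairs following the 20-byte RADIUS header."""
    out, i = [], 20
    while i + 2 <= len(packet) and packet[i + 1] >= 2:
        out.append((packet[i], packet[i + 2:i + packet[i + 1]]))
        i += packet[i + 1]
    return out

def server_accepts(packet, secret):
    """Server check; assumes Message-Authenticator is the last attribute, as built above."""
    expected = hmac.new(secret, packet[:-16] + bytes(16), hashlib.md5).digest()
    return hmac.compare_digest(expected, packet[-16:])

if __name__ == "__main__":
    pkt = relay_to_radius(eapol_wrap(eap_identity_response(7, b"testuser")), SHARED_SECRET, 1)
    print(server_accepts(pkt, SHARED_SECRET), server_accepts(pkt, b"OtherSecret"))
```

A request built with a secret that differs from the server's entry for this AP fails the check, which is why the value entered on the RADIUS configuration screen must match the server side exactly.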