<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML
><HEAD
><TITLE
>Authenticator: Setting up the Authenticator (Access
 Point)</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="802.1X Port-Based Authentication HOWTO"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="Supplicant: Setting up Xsupplicant"
HREF="xsupplicant.html"><LINK
REL="NEXT"
TITLE="Testbed"
HREF="testbed.html"></HEAD
><BODY
CLASS="sect1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>802.1X Port-Based Authentication HOWTO</TH
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="authenticator"
></A
>5. Authenticator: Setting up the Authenticator (Access
 Point)</H1
><P
>During the authentication process, the Authenticator only relays
 messages between the Supplicant and the Authentication Server
 (RADIUS). EAPOL is used between the Supplicant and the Authenticator,
 and UDP is used between the Authenticator and the Authentication
 Server.
 </P
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AP"
></A
>5.1. Access Point</H2
><P
>Many access points support 802.1X (and RADIUS)
 authentication. The access point must first be configured to use 802.1X
 authentication.
 </P
><DIV
CLASS="note"
><P
></P
><TABLE
CLASS="note"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
><EM
>Configuring and setting up 802.1X on the AP may differ
 between vendors.</EM
> Listed below are the settings required to
 make a Cisco AP350 work. Other settings for TKIP, CCMP etc. may also
 be configured.
 </P
></TD
></TR
></TABLE
></DIV
><P
>The AP must set the ESSID to <SPAN
CLASS="QUOTE"
>"testnet"</SPAN
> and must
 activate: 
 </P
><DIV
CLASS="mediaobject"
><P
><IMG
SRC="images/8021X-CiscoAP.png"
ALIGN="center"
WIDTH="599"><DIV
CLASS="caption"
><P
>Figure AP350: The RADIUS configuration screen for a Cisco
    AP-350</P
></DIV
></P
></DIV
><P
></P
><UL
><LI
><P
><EM
>802.1X-2001:</EM
> Make sure the 802.1X Protocol
  version is set to <SPAN
CLASS="QUOTE"
>"802.1X-2001"</SPAN
>. Some older Access
  Points support only the draft version of the 802.1X standard (and
  may therefore not work).
  </P
></LI
><LI
><P
><EM
>RADIUS Server:</EM
> the name/IP address of the
  RADIUS server and the shared secret between the RADIUS server and
  the Access Point (which in this document is "SharedSecret99"). See
  figure <A
HREF="authenticator.html#ciscoAP"
>AP350</A
>.
  </P
></LI
><LI
><P
><EM
>EAP Authentication:</EM
> The RADIUS server should be
  used for EAP authentication.
  </P
></LI
></UL
><DIV
CLASS="mediaobject"
><P
><IMG
SRC="images/8021X-CiscoAP2.png"
ALIGN="center"
WIDTH="604"><DIV
CLASS="caption"
><P
>Figure AP350-2: The Encryption configuration screen for a
    Cisco AP-350</P
></DIV
></P
></DIV
><P
></P
><UL
><LI
><P
><EM
>Full Encryption</EM
> to allow only encrypted
  traffic. Note that 802.1X may be used without using encryption,
  which is nice for test purposes.
  </P
></LI
><LI
><P
><EM
>Open Authentication</EM
> to make the Supplicant
  associate with the Access Point before encryption keys are
  available. Once the association is done, the Supplicant may start EAP
  authentication.
  </P
></LI
><LI
><P
><EM
>Require EAP</EM
> for the <SPAN
CLASS="QUOTE"
>"Open
  Authentication"</SPAN
>. That will ensure that only authenticated
  users are allowed into the network.
  </P
></LI
></UL
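><P
>The relay described at the start of this section, together with the
 role of the RADIUS shared secret, as an added Python example that is
 not part of the original HOWTO: the EAP packet is taken out of a
 constructed EAPOL frame and wrapped in a RADIUS Access-Request whose
 Message-Authenticator attribute (RFC 3579) is an HMAC-MD5 keyed with
 the shared secret. The user name, RADIUS identifier and function names
 are assumptions made for the illustration.</P
><PRE
>
```python
import hashlib
import hmac
import os
import struct

SHARED_SECRET = b"SharedSecret99"   # example value used in this HOWTO
ACCESS_REQUEST = 1                  # RADIUS code (RFC 2865)
USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80
EAPOL_EAP_PACKET = 0                # EAPOL packet type that carries EAP

def attr(attr_type, value):
    # RADIUS attribute: type, length (2-byte header included), value
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def eap_from_eapol(frame):
    # EAPOL header: version, packet type, body length
    version, ptype, length = struct.unpack("!BBH", frame[:4])
    if ptype != EAPOL_EAP_PACKET or length != len(frame) - 4:
        raise ValueError("not a well-formed EAPOL EAP-Packet")
    return frame[4:]

def relay_to_radius(frame, user, ident, secret, req_auth=None):
    # Authenticator side: unwrap EAP from EAPOL, rewrap it for RADIUS
    eap = eap_from_eapol(frame)
    req_auth = req_auth or os.urandom(16)
    attrs = attr(USER_NAME, user)
    # An attribute value holds at most 253 bytes, so long EAP packets are split
    for i in range(0, len(eap), 253):
        attrs += attr(EAP_MESSAGE, eap[i:i + 253])
    attrs += attr(MESSAGE_AUTHENTICATOR, bytes(16))   # zeroed placeholder
    head = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth
    mac = hmac.new(secret, head + attrs, hashlib.md5).digest()
    return head + attrs[:-16] + mac

def server_accepts(packet, secret):
    # Server side: zero the Message-Authenticator, recompute, compare.
    # Assumes, as built above, that it is the last attribute in the packet.
    zeroed = packet[:-16] + bytes(16)
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, packet[-16:])

# Constructed sample: EAPOL v1 frame carrying EAP-Response/Identity "testuser"
IDENTITY = b"testuser"
EAP = struct.pack("!BBHB", 2, 1, 5 + len(IDENTITY), 1) + IDENTITY
EAPOL = struct.pack("!BBH", 1, EAPOL_EAP_PACKET, len(EAP)) + EAP

if __name__ == "__main__":
    pkt = relay_to_radius(EAPOL, IDENTITY, 7, SHARED_SECRET)
    print(len(pkt), server_accepts(pkt, SHARED_SECRET), server_accepts(pkt, b"wrong"))
```
</PRE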
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="LinuxAP"
></A
>5.2. Linux Authenticator</H2
><P
>An ordinary Linux node can be set up to function as a wireless Access
 Point and Authenticator. How to set up and use Linux as an AP is
 beyond the scope of this document. Simon Anderson's <A
HREF="http://oob.freeshell.org/nzwireless/LWAP-HOWTO.html"
TARGET="_top"
>Linux
 Wireless Access Point HOWTO</A
> may be of guidance.
 </P
></DIV
></DIV
></BODY
></HTML
>