<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML
><HEAD
><TITLE
>Authenticator: Setting up the Authenticator (Access
Point)</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="802.1X Port-Based Authentication HOWTO"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="Supplicant: Setting up Xsupplicant"
HREF="xsupplicant.html"><LINK
REL="NEXT"
TITLE="Testbed"
HREF="testbed.html"></HEAD
><BODY
CLASS="sect1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="authenticator"
></A
>5. Authenticator: Setting up the Authenticator (Access
Point)</H1
><P
>During the authentication process, the Authenticator simply relays all
messages between the Supplicant and the Authentication Server
(RADIUS). EAPOL is used between the Supplicant and the Authenticator,
and UDP is used between the Authenticator and the Authentication
Server.
</P
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AP"
></A
>5.1. Access Point</H2
><P
>Many access points support 802.1X (and RADIUS)
authentication. The access point must first be configured to use 802.1X
authentication.
</P
><DIV
CLASS="note"
><P
></P
><TABLE
CLASS="note"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
><EM
>Configuring and setting up 802.1X on the AP may differ
between vendors.</EM
> Listed below are the settings required to
make a Cisco AP350 work. Other settings, such as TKIP and CCMP, may also
be configured.
</P
></TD
></TR
></TABLE
></DIV
><P
>The AP must set the ESSID to <SPAN
CLASS="QUOTE"
>"testnet"</SPAN
> and must
activate:
</P
><DIV
CLASS="mediaobject"
><P
><IMG
SRC="images/8021X-CiscoAP.png"
ALIGN="center"
WIDTH="599"><DIV
CLASS="caption"
><P
>Figure AP350: The RADIUS configuration screen for a Cisco
AP-350</P
></DIV
></P
></DIV
><P
></P
><UL
><LI
><P
><EM
>802.1X-2001:</EM
> Make sure the 802.1X Protocol
version is set to <SPAN
CLASS="QUOTE"
>"802.1X-2001"</SPAN
>. Some older Access
Points support only the draft version of the 802.1X standard (and
may therefore not work).
</P
></LI
><LI
><P
><EM
>RADIUS Server:</EM
> the name/IP address of the
RADIUS server and the shared secret between the RADIUS server and
the Access Point (which in this document is "SharedSecret99"). See
figure <A
HREF="authenticator.html#ciscoAP"
>AP350</A
>.
</P
></LI
><LI
><P
><EM
>EAP Authentication:</EM
> The RADIUS server should be
used for EAP authentication.
</P
></LI
></UL
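><DIV
CLASS="informalexample"
><P
>Added example, not part of the original HOWTO and not vendor code: the relay step this section describes, in Python. It unwraps an EAP packet from an EAPOL PDU, carries it in a RADIUS Access-Request as EAP-Message attributes, and signs the request with a Message-Authenticator keyed by the shared secret (RFC 3579 layout). The user name "testuser", the function names and the sample frame are assumptions constructed for illustration.</P
>

```python
import hashlib
import hmac
import os
import struct

EAPOL_EAP_PACKET = 0            # EAPOL packet type that carries an EAP packet
ACCESS_REQUEST = 1              # RADIUS packet code
USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80

def eap_from_eapol(pdu):
    """Strip the 4-byte EAPOL header (version, type, body length)."""
    _version, ptype, length = struct.unpack("!BBH", pdu[:4])
    if ptype != EAPOL_EAP_PACKET or length != len(pdu) - 4:
        raise ValueError("not a well-formed EAPOL EAP-Packet")
    return pdu[4:]

def attr(atype, value):
    return struct.pack("!BB", atype, len(value) + 2) + value

def build_access_request(eap, user, secret, ident, req_auth):
    """Wrap an EAP packet in a RADIUS Access-Request (RFC 3579 layout)."""
    attrs = attr(USER_NAME, user)
    for i in range(0, len(eap), 253):        # one EAP-Message holds at most 253 bytes
        attrs += attr(EAP_MESSAGE, eap[i:i + 253])
    attrs += attr(MESSAGE_AUTHENTICATOR, bytes(16))   # zeroed while hashing
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth
    mac = hmac.new(secret, header + attrs, hashlib.md5).digest()
    return header + attrs[:-16] + mac

def message_authenticator_ok(packet, secret):
    """Server-side check: recompute the HMAC-MD5 with the field zeroed."""
    received = packet[-16:]                  # this builder always puts it last
    expected = hmac.new(secret, packet[:-16] + bytes(16), hashlib.md5).digest()
    return hmac.compare_digest(received, expected)

def demo():
    # Constructed sample: EAP-Response/Identity for a made-up user "testuser",
    # inside an EAPOL PDU with protocol version 1 (802.1X-2001).
    identity = b"testuser"
    eap = struct.pack("!BBHB", 2, 1, 5 + len(identity), 1) + identity
    pdu = struct.pack("!BBH", 1, EAPOL_EAP_PACKET, len(eap)) + eap
    return build_access_request(eap_from_eapol(pdu), identity,
                                b"SharedSecret99", 7, os.urandom(16))

if __name__ == "__main__":
    pkt = demo()
    print("shared secret matches:", message_authenticator_ok(pkt, b"SharedSecret99"))
    print("wrong secret accepted:", message_authenticator_ok(pkt, b"WrongSecret"))
```

</DIV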
><DIV
CLASS="mediaobject"
><P
><IMG
SRC="images/8021X-CiscoAP2.png"
ALIGN="center"
WIDTH="604"><DIV
CLASS="caption"
><P
>Figure AP350-2: The Encryption configuration screen for a
Cisco AP-350</P
></DIV
></P
></DIV
><P
></P
><UL
><LI
><P
><EM
>Full Encryption</EM
> to allow only encrypted
traffic. Note that 802.1X may be used without using encryption,
which is nice for test purposes.
</P
></LI
><LI
><P
><EM
>Open Authentication</EM
> to make the Supplicant
associate with the Access Point before encryption keys are
available. Once the association is done, the Supplicant may start EAP
authentication.
</P
></LI
><LI
><P
><EM
>Require EAP</EM
> for the <SPAN
CLASS="QUOTE"
>"Open
Authentication"</SPAN
>. That will ensure that only authenticated
users are allowed into the network.
</P
></LI
></UL
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="LinuxAP"
></A
>5.2. Linux Authenticator</H2
><P
>An ordinary Linux node can be set up to function as a wireless Access
Point and Authenticator. How to set up and use Linux as an AP is
beyond the scope of this document. Simon Anderson's <A
HREF="http://oob.freeshell.org/nzwireless/LWAP-HOWTO.html"
TARGET="_top"
>Linux
Wireless Access Point HOWTO</A
> may serve as a guide.
</P
></DIV
></DIV
></BODY
></HTML
>