www.interlinknetworks.com



Similar documents
Interlink Networks RAD-Series AAA Server and RSA Security Two-Factor Authentication

Interlink Networks Secure.XS and Cisco Wireless Deployment Guide

RAD-Series RADIUS Server Version 7.1

Configuring WPA-Enterprise/WPA2 with Microsoft RADIUS Authentication

RAD-Series RADIUS Server Version 7.3

Application Note. Setting up RADIUS authentication on Opengear devices using Windows 2003 Internet Authentication Service

Configuring Microsoft RADIUS Server and Gx000 Authentication. Configuration Notes. Revision 1.0 February 6, 2003

A Dynamic Extensible Authentication Protocol for Device Authentication in Transport Layer Raghavendra.K 1, G. Raghu 2, Sumith N 2

Authentication, Authorization and Accounting (AAA) Protocols

Quick Start Guide for Zone Director Controller

EAP-SIM Authentication using Interlink Networks RAD-Series RADIUS Server

Cisco Secure ACS. By Igor Koudashev, Systems Engineer, Cisco Systems Australia 2006 Cisco Systems, Inc. All rights reserved.

Table of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example

Lab Configuring LEAP/EAP using Local RADIUS Authentication

Configuration of Cisco Autonomous Access Point with 802.1x Authentication for Avaya 3631 Wireless Telephone

Developing Network Security Strategies

Product Summary RADIUS Servers

Configuring Cisco Secure ACS v5.5 to use RADIUS for Orchestrator Authentication

Network Authentication X Secure the Edge of the Network - Technical White Paper

Defender EAP Agent Installation and Configuration Guide

Lecture 3. WPA and i

802.1X Client Software

EasyServer II RADIUS authentication accounting dialin remote access

Extensible Authentication Protocol Transport Layer Security Deployment Guide for Wireless LAN Networks

From Release 8.0, IPv6 can also be used to configure the LDAP server on the controller.

Cisco Secure Access Control Server 4.2 for Windows

Configuring RADIUS Servers

802.1X AUTHENTICATION IN ACKSYS BRIDGES AND ACCESS POINTS

Configuring the Cisco ISA500 for Active Directory/LDAP and RADIUS Authentication

Configuring Settings on the Cisco Unified Wireless IP Phone 7925G

ESET SECURE AUTHENTICATION. Cisco ASA SSL VPN Integration Guide

Wi-Fi Protected Access: Strong, standards-based, interoperable security for today s Wi-Fi networks Wi-Fi Alliance April 29, 2003

UNIVERZITA KOMENSKÉHO V BRATISLAVE FAKULTA MATEMATIKY, FYZIKY A INFORMATIKY PRÍPRAVA ŠTÚDIA MATEMATIKY A INFORMATIKY NA FMFI UK V ANGLICKOM JAZYKU

Design of a Network Security Testing Environment

Management Authentication using Windows IAS as a Radius Server

Massey University Wireless Network - Client

Case Study - Configuration between NXC2500 and LDAP Server

EAP-WAI Authentication Protocol

Virtual Private Network (VPN)

Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches

Fireware How To Authentication

Belnet Networking Conference 2013

WLAN Security: Identifying Client and AP Security

Secure Friendly Net Detection Server. July 2006

White Paper. Multi-SSID WLAN Access Point. Multi SSID Release 01 06/10. Technical Support

Step-by-Step Secure Wireless for Home / Small Office and Small Organizations

WIRELESS SETUP FOR WINDOWS 7

Configuring CSS Remote Access Methods

Configuring connection settings

Wireless Local Area Networks (WLANs)

The 802.1x specification

Configuring Wireless Security on ProSafe wireless routers (WEP/WPA/Access list)

RADIUS: A REMOTE AUTHENTICATION DIAL-IN USER SERVICE

Microsoft Windows 2003 DNS Server for Wireless LAN Controller (WLC) Discovery Configuration Example

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Sonicwall Firewall.

Locking Users into a VPN 3000 Concentrator Group Using a RADIUS Server

Intelligent, Functional and Effective Gateways for Small Business Applications

Configuration Guide. How to establish IPsec VPN Tunnel between D-Link DSR Router and iphone ios. Overview

Nokia E90 Communicator Using WLAN

CISCO WIRELESS SECURITY SUITE

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall. Overview

Nokia E61i Configuring connection settings

Bridge Functions Consortium

NXC5500/2500. Application Note w Management Frame Protection. ZyXEL NXC Application Notes. Version 4.20 Edition 2, 02/2015

Cisco VPN Concentrator Implementation Guide

Certficate Extensions and Attributes Supporting Authentication in PPP and Wireless LAN. Daniel Schwarz

Portal Authentication Technology White Paper

Link Layer and Network Layer Security for Wireless Networks

USER GUIDE. Lightweight Directory Access Protocol (LDAP) Schoolwires Centricity

Use Shrew Soft VPN Client to connect with IPSec VPN Server on RV130 and RV130W

Vantage RADIUS 50. Quick Start Guide Version 1.0 3/2005

How To Manage An Rsa Rdius Server

DIGIPASS Authentication for Cisco ASA 5500 Series

AAA Radius and Diameter Server Market Shares, Strategies, and Forecasts, 2009 to 2015

How To Get A Power Station To Work With A Power Generator Without A Substation

Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation

Deployment of IEEE 802.1X for Wired Networks Using Microsoft Windows

7750 SR OS System Management Guide

Routing and Remote Access Service

Configuring the Watchguard Edge for RADIUS authentication

ESET SECURE AUTHENTICATION. Cisco ASA Internet Protocol Security (IPSec) VPN Integration Guide

Integration Guide. SafeNet Authentication Service. Using RADIUS Protocol for Radiator RADIUS Server

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall. Overview

How To Configure Windows Server 2008 as a RADIUS Server with MS-CHAP v2 Authentication

Link Layer and Network Layer Security for Wireless Networks

Borderware Firewall Server Version 7.1. VPN Authentication Configuration Guide. Copyright 2005 CRYPTOCard Corporation All Rights Reserved

Defender 5.7. Remote Access User Guide

Microsoft IAS Configuration for RADIUS Authorization

LOAD BALANCING 2X APPLICATIONSERVER XG SECURE CLIENT GATEWAYS THROUGH MICROSOFT NETWORK LOAD BALANCING

Wireless VPN White Paper. WIALAN Technologies, Inc.

Integration Guide. SafeNet Authentication Service. SAS Using RADIUS Protocol with Microsoft DirectAccess

Written by Edmond Ng on behalf of D-Link for a Thai magazine (before translation) Page 1 of 4

APPLICATION NOTE No

Configuring Timeout, Retransmission, and Key Values Per RADIUS Server

IEEE 802.1X Overview. Port Based Network Access Control

co Sample Configurations for Cisco 7200 Broadband Aggreg

PCI v2.0 Compliance for Wireless LAN

I. What is VPN? II. Types of VPN connection. There are two types of VPN connection:

SonicWALL Global Management System Configuration Guide Standard Edition

PaperClip. em4 Cloud Client. Manual Setup Guide

Transcription:

2002 Interlink Networks, Inc. Revision All Rights Reserved. This document is copyrighted by Interlink Networks Incorporated (Interlink Networks). The information contained within this document is subject to change without notice. Interlink Networks does not guarantee the accuracy of the information. Trademark Information Brand or product names may be registered trademarks of their respective owners. Interlink Networks, Inc. 775 Technology Drive, Suite 200 Ann Arbor, MI 48108 USA Phone: 734-821-1200 Sales: 734-821-1228 Fax: 734-821-1235 info@interlinknetworks.com sales@interlinknetworks.com www.interlinknetworks.com

Using 802.1X for Wireless Local Area Networks with Interlink Networks Software INTRODUCTION The IEEE 802.1X standard, Port Based Network Access Control, defines a mechanism for port-based network access control that makes use of the physical access characteristics of IEEE 802 LAN infrastructure. It provides a means of authenticating and authorizing devices attached to a LAN port that has point-to-point connections characteristics. It also prevents access to that port in cases in which the authentication and authorization fails. Many new 802.11 wireless LAN access points are advertised as employing IEEE 802.1X for enhanced security. 802.1X, if utilized properly, can indeed provide a network with a higher level of security. The 802.1X specification includes a number of features aimed specifically at supporting the use of port access control in IEEE 802.11 LANs (WLAN). For background information on 802.1X see the Interlink Networks white paper Introduction to 802.1X for Wireless Local Area Networks. INTERLINK NETWORKS SUPPORT FOR 802.1X To authenticate users with EAP, you will need to modify the configuration files to identify the wireless access point, the users' realms, and the user profiles. The following steps will configure the RAD-Series or Secure.XS servers to authenticate WLAN users: Configure the Clients File In the clients file, add the access point: Name Shared-secret Type=Vendor:NAS+options Name identifies the IP address or DNS name of the access point. Using 802.1X for Wireless Local Area Networks with Interlink Networks Software Page 3

Shared-secret identifies the secret is the encryption key, or shared secret, between the access point and the authentication server. Type=NAS identifies the client as an access device. You may specify the Vendor of the access point if the vendor appears in the vendors file. Various +options may be appended to Type=NAS to define additional instructions to handle the Access-Request. The following example clients file entry identifies a Cisco Aironet 350 access point named w03 with a shared secret of secret : w03.yourdomain.com secret Type=Cisco:NAS Configure the Users File For each individual user that will be authenticated through EAP, you will need to add a user profile to the users file: User-name@Realm Authentication Type = Realm, Check-items Reply-items User-name@Realm identifies the user profile by user name and the user's realm. Authentication Type = Realm must be specified so that the authfile is checked to determine that EAP is the protocol for the user's realm. Check-items is a list of one or more check items and other configuration A-V pairs that define authentication and authorization for the user. Most user profiles will have a password and many will have other items. Reply-items is a list of one or more reply items that define authorization for the user. The following example users file entry identifies the user, Joe, in the mydomain.com realm. Joe@mydomain.com Authentication-Type = Realm, Password = Joepassword The Realm authentication type directs the server to the authfile. The authfile identifies EAP and what type of EAP to perform when authenticating the users. Configure the authfile For each realm using EAP, you must associate the realm name with the type of EAP to perform by adding the following entry in the RAD-P server s authfile: Name EAP Description { EAP-Type Challenge... } Name identifies the name of the realm that will use EAP. EAP indicates that EAP will be used as the authentication type. Description can be any string. Must be enclosed in quotes if the string contains spaces or tabs. Using 802.1X for Wireless Local Area Networks with Interlink Networks Software Page 4

EAP-Type indicates what type of EAP, as identified by Challenge, to use. Multiple types may be listed. The AAA server will first attempt to resolve a challenge according to each listed type, starting with the first listed type. If the challenge fails for all listed types, the AAA server will return an Access-Reject. The following example authfile entry instructs the server to use LEAP authentication for the realm mydomain.com: mydomain.com EAP "CiscoLEAP realm" { EAP-Type CiscoLEAP } Using 802.1X for Wireless Local Area Networks with Interlink Networks Software Page 5

ABOUT INTERLINK NETWORKS THE COMPANY Interlink Networks is a leader in securing access to public and private networks. Our products manage user access to dial-in, broadband, mobile, and wireless LAN networks. Interlink Networks RADIUS-based access control software provides the authentication, authorization, and accounting infrastructure that enables secure and reliable network access for thousands of enterprise and service provider networks worldwide. Interlink Networks is headquartered in Ann Arbor, Michigan. We have a worldwide network of resellers and distributors. OUR MISSION Interlink Networks mission is to be a worldwide leader in providing solutions for securing access to public and private networks. By securing access to the network, we provide network operators the first line of defense against unauthorized access to an organization's computing resources. OUR HISTORY In July 2000, Interlink Networks was formed by a spin out of technology and developers from Merit Network, Inc., a world-renowned designer, developer, and implementer of Internet technology, hosted at the University of Michigan. The founders of Interlink Networks spent over a decade defining and developing the world's best carrier-class RADIUS (Remote Access Dial-In User Services) server. Mr. John Vollbrecht, Interlink Networks' Founder and CTO, issued the first RFP for centralized AAA ten years ago, and championed the resulting RADIUS standards through the IETF Standards Groups. Mr. Vollbrecht s name is on many of the RFCs that define RADIUS and AAA. The charter of Interlink Networks is to expand upon its vision of providing the most advanced authentication products, and to expand its solution set beyond remote access into other network access mechanisms that require authentication and authorization. As networks become more complex, and the means to access networks expands, Interlink will continue to assure that the interlinks between users and their networks are protected and secure.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information