Setup 802.1x PEAP wireless authentication on Intel Centrino and Vantage Radius
Vantage Radius provide to perform real time transactions of the Radius server such as administrator login, the Radius server authenticate request, the Radius accounting request, authenticate reply and accounting reply.
Wireless connect to the WLAN in the same way you would access an authenticated wireless Access Point (AP). The wireless AP provide authentication for user accounts via Vantage Radius, which is invisible to the individual clients.
Client usernames and passwords are forwarded from a wireless network to Vantage Radius, which then validate them against its own list. This ensure that only individuals with valid account will be granted network access.
Here comes an example for setting up 802.1x PEAP wireless authentication on Intel Centrino station via AP to the Vantage Radius.
1. Operation System: Windows 2000 (SP4) and Centrino wireless support
2. Access Point: ZyAIR B1000v2
3. Radius: Vantage Radius
1. After we login the the Vantage Radius Web configurator, Click RADIUS, select RADIUS SERVER.
2. Type the Authentication Port (default 1812).
3. Type the Share Key for Vantage Radius and Access Point (ZyAIR B-1000v2)
4. Click USER ACCOUNT, then, click Add New User button to create a user account.
5. Type User Name and Password, click Apply to exit.
1. Connect to the Access point's console or telnet to the Access Point. (The default IP address of ZyAIR B1000v2 is 192.168.1.2)
2. Get into SMT menu 3.5, configure the ESSID of your AP.
3. Get into SMT menu 23.4 - System Security.
4. Configure the Wireless Port Protocol as Authentication Required.
5. Select the Key Management Protocol as 802.1x.
6. Select Authentication Database as RADIUS only.
7. Get into SMT menu 23.2 - System Security - RADIUS Server
Configure the Authentication Server:
Active =Yes
Server Address= 192.168.1.3
Port= 1812
Shared Key=XXXX (as you configured in Vantage Radius)
A. Install Root Certificate in you laptop
1. Get into Vantage Radius Web Browser > RADIUS > ROOT CA
2. Click Download Root CA Certificate, download the Root CA to your local PC.
3. After you downloaded the Root CA, click Install Certificate to nstall.
4. Click Next.
5. Click Next.
6. Click Finish to complete the installation.
7. Click Yes to add the CA to the root store.
8. Click OK.
B. Configuring your Laptop
The steps required to configure a laptop running Windows 2000 (with service pack 4) to connect to the wireless network.
Go to the configuration section of your wireless card adapter. Depending on your setup, the location of this can vary.
1. Go to Start > Settings > Network and Dial-up Connections.
2. Right click on the wireless connection and select Properties.
3. Click Configure in the Wireless Network Properties window.
4. In the Adapter Properties window:
Select the Wireless Network tab
Enter the Network Name (SSID).
Then click the Security button.
5. In the Security window, ensure the following settings are entered:
Network Authentication: Open
Data Encryption (WEP): None
Then click OK to return to the Adapter Properties window.
6. Click OK in the Adapter Properties window to return to the Wireless Network Properties window.
In the Wireless Network Properties window, select the Authentication tab. Enter the following settings:
Click the check box to Enable IEEE 802.1x authentication for this network.
Select Protected EAP (PEAP) as the EAP type from the drop down menu.
Check the box to enable you to Authenticate as computer when computer information is available
Then, Click on Properties for PEAP properties.
7. In the Protected EAP Properties window:
Check Validate server certificate. Select the server's CA ZyXEL.
Choose Secured password (EAP-MSCHAP v2) as the Authentication Method.
Click on Configure to configure the EAP MSCHAPv2 Properties.
8. In the EAP MSCHAPv2 Properties window:
Un-check the box which says Automatically use my windows logon name and password (that is, unless your windows logon and password are identical to you
Vantage Radius login and password).
9. Click OK in the current (EAP MSCHAPv2 Properties) window.
10. Click OK in the Protected EAP Properties window.
11. Click OK in the Wireless Network Connection window.
12 .Connecting to the Wireless Network.
If everything was entered correctly, the following screen will appear. To connect to the wireless network, enter your FIT username and password. The Logon domain field can remain blank.
All contents copyright © 2004 ZyXEL Communications Corporation.