Description: The document describes how to connect a WLAN client to a network operating the 802.1X protocol.
Access credentials are checked against the
RADIUS server of a Windows 2008 R2 NPS server.
Requirements: - The LANCOM access point has a default configuration that connects it to the local network. It can be reached with LANconfig.
- A functional installed Windows Active Directory and a Windows CA (certificate server).
Scenario: The WLAN client establishes a connection to the access point. In this case, authentication does not use a password set on the access point and the WLAN client. Instead, a session is set up to a downstream central RADIUS server running on a Windows NPS server.
The server checks the access credentials (name and password) on a central database. This method allows the RADIUS server to operate as a central login service for large numbers of access points.
- The RADIUS server is a Windows 2008 R2 NPS server. In this example configuration, the NPS server has the local IP address 192.168.10.1.
- The authenticator is an access point of the type LANCOM L-452agn dual Wireless with the local IP address 192.168.10.100.
- The supplicant is a notebook with the Windows operating system.
Procedure: 1) Configuration steps on the LANCOM access point: 1.1) In
LANconfig, open the configuration dialog for the LANCOM access point and switch to the menu item
Configuration -> Wireless LAN -> General.
1.2) This example configuration uses the
Country setting for
Germany.
1.3) Switch to the menu
Physical WLAN settings.
1.4) This example configuration uses the
WLAN interface 1. For the WLAN interface, set the operation mode to
Access point.
1.5) On the
Radio tab, set the
frequency band, channel number, etc. to meet your needs.
1.6) Switch to the menu
Logical WLAN settings.
1.7) In this example configuration, the first network on WLAN interface 1 should
broadcast the SSID named Demo-RADIUS.
1.8) Open the menu
Configuration -> Wireless LAN -> 802.1X -> RADIUS servers... 1.9) Use
Add to enter the contact data to the RADIUS server running on the Windows NPS server.
Specify here the
IP address, the port, and the key (shared secret) of your RADIUS server from which users are managed centrally.
Note that the name entered here needs to match the passphrase configured in step 1.10. 1.10) Navigate to the menu
Configuration -> Wireless LAN -> 802.11i/WEP and click the button
WPA or private WEP settings.
1.11) Select the
settings for network 1 of the first WLAN interface and set the parameter
Method/key 1 length to the value
802.11i/(WPA)-802.1x.
1.12) As a RADIUS server, you must
enter the connection to the NPS server configured in step 1.9. 1.13) Close the dialogs with the
OK button and write the configuration back to the device. This concludes the configuration of the LANCOM access point.
2) Configuration steps on the Windows NPS server and WLAN client: The configuration steps on the Windows NPS server and the WLAN client are described in the following Knowledge Base document:
INFO: - Because the access point is the Authenticator in this scenario, it must be configured as RADIUS client in the configuration of the NPS server.