Description:

The document describes how to connect a WLAN client to a network operating the 802.1X protocol.
Access credentials are checked against the RADIUS server of a Windows 2008 R2 NPS server.


Requirements:
  • The LANCOM access point has a default configuration that connects it to the local network. It can be reached with LANconfig.
  • A functioning Windows Active Directory installation and a Windows CA (certificate server).


Scenario:

The WLAN client establishes a connection to the access point. In this case, authentication does not use a password set on the access point and the WLAN client. Instead, a session is set up to a downstream central RADIUS server running on a Windows NPS server.

The server checks the access credentials (name and password) against a central database. This method allows the RADIUS server to operate as a central login service for large numbers of access points.
  • The RADIUS server is a Windows 2008 R2 NPS server. In this example configuration, the NPS server has the local IP address 192.168.10.1.
  • The authenticator is an access point of the type LANCOM L-452agn dual Wireless with the local IP address 192.168.10.100.
  • The supplicant is a notebook with the Windows operating system.






Procedure:

1) Configuration steps on the LANCOM access point:

1.1) In LANconfig, open the configuration dialog for the LANCOM access point and switch to the menu item Configuration -> Wireless LAN -> General.

1.2) This example configuration uses the Country setting for Germany.



1.3) Switch to the menu Physical WLAN settings.



1.4) This example configuration uses the WLAN interface 1. For the WLAN interface, set the operation mode to Access point.



1.5) On the Radio tab, set the frequency band, channel number, etc. to meet your needs.



1.6) Switch to the menu Logical WLAN settings.



1.7) In this example configuration, the first network on WLAN interface 1 should broadcast the SSID named Demo-RADIUS.



1.8) Open the menu Configuration -> Wireless LAN -> 802.1X -> RADIUS servers...



1.9) Use Add to enter the connection details for the RADIUS server running on the Windows NPS server.

Specify here the IP address, the port, and the key (shared secret) of your RADIUS server from which users are managed centrally. Note that the name entered here needs to match the passphrase configured in step 1.10.



1.10) Navigate to the menu Configuration -> Wireless LAN -> 802.11i/WEP and click the button WPA or private WEP settings.



1.11) Select the settings for network 1 of the first WLAN interface and set the parameter Method/key 1 length to the value 802.11i/(WPA)-802.1x.

1.12) As the RADIUS server, enter the connection to the NPS server configured in step 1.9.



1.13) Close the dialogs with the OK button and write the configuration back to the device. This concludes the configuration of the LANCOM access point.


2) Configuration steps on the Windows NPS server and WLAN client:

The configuration steps on the Windows NPS server and the WLAN client are described in the following Knowledge Base document:
INFO:
  • Because the access point is the authenticator in this scenario, it must be configured as a RADIUS client in the configuration of the NPS server.
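
The shared secret from step 1.9 must be identical on the access point and in its RADIUS client entry on the NPS server. The following added example (not part of the original LANCOM document) shows how both sides use that secret to authenticate RADIUS packets according to RFC 2865 and RFC 3579. The secrets, the user name and the request authenticator are constructed sample values, and the EAP-Message attribute that 802.1X requests also carry is left out to keep the packet short.

```python
import hashlib, hmac, socket, struct
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, NAS_IP_ADDRESS, MESSAGE_AUTHENTICATOR = 1, 4, 80  # RFC 2865 / RFC 3579 attribute types

def _attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(secret, ident, request_auth, user, nas_ip):
    """Access point side: Access-Request signed with HMAC-MD5 over the whole packet."""
    attrs = (_attr(USER_NAME, user.encode()) + _attr(NAS_IP_ADDRESS, socket.inet_aton(nas_ip))
             + _attr(MESSAGE_AUTHENTICATOR, bytes(16)))  # value is zero while the HMAC is computed
    packet = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs
    return packet[:-16] + hmac.new(secret, packet, hashlib.md5).digest()

def _body(packet):
    """Return the packet cut to its declared length, or None if the header is inconsistent."""
    if len(packet) < 20: return None
    length = struct.unpack("!H", packet[2:4])[0]
    return packet[:length] if 20 <= length <= len(packet) else None

def message_authenticator_ok(secret, packet):
    """Server side: recompute the HMAC with the secret stored for this RADIUS client."""
    pkt = _body(packet)
    if pkt is None: return False
    buf, pos = bytearray(pkt), 20
    while pos + 2 <= len(buf):
        attr_type, attr_len = buf[pos], buf[pos + 1]
        if attr_len < 2 or pos + attr_len > len(buf): return False  # malformed attribute
        if attr_type == MESSAGE_AUTHENTICATOR and attr_len == 18:
            received = bytes(buf[pos + 2:pos + 18])
            buf[pos + 2:pos + 18] = bytes(16)
            return hmac.compare_digest(hmac.new(secret, bytes(buf), hashlib.md5).digest(), received)
        pos += attr_len
    return False  # attribute missing

def build_reply(secret, code, ident, request_auth, attrs=b""):
    """Server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs

def reply_authenticator_ok(secret, reply, request_auth):
    """Access point side: accept a reply only if it was built with the same shared secret."""
    pkt = _body(reply)
    if pkt is None: return False
    digest = hashlib.md5(pkt[:4] + request_auth + pkt[20:] + secret).digest()
    return hmac.compare_digest(digest, pkt[4:20])

if __name__ == "__main__":  # constructed sample values, not taken from a real network
    req = build_access_request(b"secret-on-ap", 1, bytes(range(16)), "demo-user", "192.168.10.100")
    print(message_authenticator_ok(b"secret-on-ap", req), message_authenticator_ok(b"secret-on-nps", req))
```

With differing secrets, neither side can validate the other's packets, so a mismatch between step 1.9 and the RADIUS client entry on the NPS server shows up as failed logins for every WLAN client.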