Description:
The document describes how to connect a WLAN client to a network operating=
the 802.1X protocol in a WLC scenario.
Access credentials are checked against the
RADIUS server of a Wind=
ows 2008 R2 NPS server.
With this 2nd alternative, =
all requests to the external RADIUS server are sent via the LANCOM access p=
oints to the LANCOM WLAN controller, which forwards the requests to the NPS=
server. Requirements:
- The LANCOM access points have a default configuration that connects the=
m to the local network, and they can be managed by the LANCOM WLAN controll=
er.
- A functional installed Windows Active Directory and a Windows CA (certi=
ficate server).
Scenario:
The WLAN client establishes a connection to the LANCOM access point, which=
is managed by a LANCOM WLAN controller. In this case, authentication does =
not use a password set on the access point and the WLAN client. Instead, a =
session is set up to a downstream central RADIUS server running on a Window=
s NPS server.
The server checks the access credentials (name and password) against a cen=
tral database. This method allows the RADIUS server to operate as a central=
login service for large numbers of access points.
- The RADIUS server is a Windows 2008 R2 NPS server. In =
this example configuration, the NPS server has the local IP address=
192.168.10.1.
- The authenticator is a LANCOM WLAN controller, which is managin=
g the LANCOM access points.
The supplicant is a
notebook running the Windows operating system<=
/strong>.=20
Procedure:
1) Configuration steps on a LANCOM WLAN controller:<=
/strong>
1.1) Open the configuration of the WLAN controller in LANconfig and navigate to the menu WLAN controller -> Profiles ->=
; Logical WLAN networks (SSIDs).
1.2) Create a new logical WLAN, in which authenti=
cation is performed by 802.1X.
- Set the Encryption option to 802.11i(WPA)-802.=
1X.
- In the RADIUS profile field, select the RADIUS profile=
DEFAULT.
1.3) Navigate to the menu RADIUS -> Server and activat=
e the RADIUS server by setting the field Authentication port to the value 1812.
1.4) Switch to the menu item RADIUS -> Server -> Forwarding<=
/strong>.
1.5) Now insert the name of the realm (in this case: NPS-SERVER)=
strong> into the Empty realm field.
1.6) Now click the Forwarding server button and create a =
new entry, which describes the connection to the N=
PS server.
1.7) Close the dialogs with the OK button and write the c=
onfiguration back to the device. The configuration of the LANCOM WLAN contr=
oller is now complete.
2) Configuration steps on the Windows=
NPS server and WLAN client:
The configuration steps on the Windows NPS server and the WLAN client are =
described in the following Knowledge Base document:
INFO:=
strong>
WLAN controller is the Authenticator
- in this scenario, it must be
created as a RADIUS client in the configuration of the NPS ser=
ver.