...

Info

Access points that are operated in a WLAN-Controller scenario must each be configured individually. A central configuration of the steps described here via a WLAN-Controller is not possible.

This scenario can also be implemented with LCOS LX access points.



Requirements:

  • LANCOM router as the RADIUS server
  • Access point with LCOS
  • Switch of the GS-23xx series
  • LCOS as of version 9.24 or 10.30 when using SWOS as of version 3.32 RU7 (download latest version)
  • LANtools as of version 9.24 (download latest version), 10.40 RU1 when configuring the access point via LANconfig 
  • Any web browser for accessing the web interface of the GS-23xx and the access point

...

  • A LANCOM router with the IP address 192.168.1.254 is operating as a RADIUS server.
  • A switch of the GS-23xx series with the IP address 192.168.1.250 is operating as a RADIUS authenticator. The switch therefore forwards the requests from the access point to the RADIUS server.
  • An access point with LCOS presents its authorization credentials and logs on to the switch, thus acting as the RADIUS supplicant.
  • After a successful login to the RADIUS server, the switch should enable communication on the port that the access point is connected to.



Procedure:

1) Configuring the RADIUS server on the LANCOM router:

...

Info

As of SWOS 3.32 RU7 the switch sends RADIUS requests with the Service type Call check. In this case the Service type in this menu also has to be set to Call check. As an alternative the option Any can also be selected.

As of LCOS SX 3.34 Rel the Service type Framed is used for RADIUS requests and the Service type Call-Check is used for MAC-based requests. In this case the Service type has to be set to Framed. As an alternative the option Any can also be selected.

The Service type Call check is supported as of LCOS 10.30.

...

Info

With the option Port-based 802.1X, only the access point authenticates itself. All other end devices connected via WLAN can then communicate via the switch port without authentication. For this reason it is important to provide the WLAN end devices with their own network, separated from the management network by VLAN. You can use this Knowledge Base article to help you here.

2.3) Navigate to the menu Maintenance → Save/Restore → Save Start and click on Save so that the configuration is saved as a Start configuration.

...

cd /Setup/LAN/IEEE802.1x/Supplicant-Ifc-Setup


3.2) Go to the path for the LAN interface. For this example we are using interface LAN-1.

...

3.4) Use the following command to set the authentication method as PEAP/MSCHAPv2:

set Method PEAP/MSCHAPv2

Info

As an alternative, you can use the following script to upload the changes to the access point with LANconfig. Please be sure to add the relevant username and password to the file first.

Skript_Credentials_Auth-Method.lcs

In a WLAN-Controller scenario the script can also be rolled out to the access points via the WLAN-Controller.