D-Link AirPremier DWL-2210AP Manual page 141

Appendix A: Configuring Security Settings on Wireless Clients
IEEE 802.1x Client Using EAP/TLS Certificate
Extensible Authentication Protocol (EAP) Transport Layer Security (TLS), or
EAP-TLS, is an authentication protocol that supports the use of smart cards and
certificates. You have the option of using EAP-TLS with both WPA with RADIUS
and IEEE 802.1x modes if you have an external RADIUS server on the network to
support it.
If you want to use IEEE 802.1x mode with EAP-TLS certificates for authentication and
authorization of clients, you must have an external RADIUS server and a Public Key Authority
Infrastructure (PKI), including a Certificate Authority (CA), server configured on your network.
It is beyond the scope of this document to describe these configuration of the RADIUS
server, PKI, and CA server. Consult the documentation for those products.
Some good starting points available on the Web for the Microsoft Windows PKI software
are: "How to Install/Uninstall a Public Key Certificate Authority for Windows 2000" at
http://support.microsoft.com/default.aspx?scid=kb;EN-US;231881
a Certificate Server at
http://support.microsoft.com/default.aspx?scid=kb;en-us;318710#3.
To use this type of security, you must do the following:
1. Add the D-Link DWL-2210AP to the list of RADIUS server clients. (See
"Configuring an External RADIUS Server to Recognize the D-Link DWL-2210AP" in
this manual.)
2. Configure the D-Link DWL-2210AP to use your RADIUS server (by providing the
RADIUS server IP address as part of the "IEEE 802.1x" security mode settings).
3. Configure wireless clients to use IEEE 802.1x security and "Smart Card or other
Certificate" as described in this section.
4. Obtain a certificate for this client as described in "Obtaining a TLS-EAP Certificate
for a Client" in this manual.
141
and How to Configure