110 | Authentication Dell PowerConnect W-Series Instant Access Point 6.1.3.4-3.1.0.0 | User GuideController (the client certificate must be signed by a known CA) before the user name is checked on theauthentication server. EAP-TTLS (MSCHAPv2)— The Extensible Authentication Protocol-Tunneled Transport Layer Security(EAP-TTLS) method uses server-side certificates to set up authentication between clients and servers.However, the actual authentication is performed using passwords. EAP-PEAP (MSCHAPv2)— Protected Extensible Authentication Protocol (PEAP) is an 802.1Xauthentication method that uses server-side public key certificates to authenticate clients with server. ThePEAP authentication creates an encrypted SSL / TLS tunnel between the client and the authentication server.Exchange of information is encrypted and stored in the tunnel ensuring the user credentials are kept secure. LEAP— Lightweight Extensible Authentication Protocol (LEAP) uses dynamic WEP keys for authenticationbetween the client and authentication server.External RADIUS ServerIn the external RADIUS server, the IP address of the Virtual Controller is configured as the NAS IP address.Instant RADIUS is implemented on the Virtual Controller, and this feature eliminates the need to configuremultiple NAS clients for every IAP on the RADIUS server for client authentication. Instant RADIUS dynamicallyforwards all the authentication requests from a NAS to a remote RADIUS server. The RADIUS server responds tothe authentication request with an Access-Accept or Access-Reject message, and users are allowed or deniedaccess to the network depending on the response from the RADIUS server.When you enable the external RADIUS server option for the network, the authenticator on the IAP sends aRADIUS packet to the local IP address. The external RADIUS server then listens and responds to the RADIUSpacket.The following authentication methods are supported in Dell Instant network:Authentication Terminated on IAPDell Instant allows EAP termination for PEAP-GTC and PEAP-MSCHAV2. PEAP-GTC termination allowsauthorization against an LDAP server and external RADIUS server while PEAP-MSCHAV2 allows authorizationagainst an external RADIUS server. This will allow users to run PEAP-GTC termination with their own usernameand password to a local Microsoft Active Directory server with LDAP authentication.The following EAP-Type methods are described below:EAP-Generic Token Card (GTC)— This EAP method permits the transfer of unencrypted usernames andpasswords from client to server. The main uses for EAP-GTC are one-time token cards such as SecureID and theuse of LDAP or RADIUS as the user authentication server. You can also enable caching of user credentials on theIAP as a backup to an external authentication server.EAP-Microsoft Challenge Authentication Protocol version 2 (MS-CHAPv2)— This EAP method is widelysupported by Microsoft clients.A RADIUS server must be used as the backend authentication server.If you are using the IAP’s internal database for user authentication, you need to add the names and passwords ofthe users to be authenticated. If you are using an LDAP server for user authentication, you need to configure theLDAP server on the Virtual Controller, and configure user IDs and passwords. If you are using a RADIUS serverfor user authentication, you need to configure the RADIUS server on the Virtual Controller.Configuring an External RADIUS ServerTo configure an external RADIUS server for a wireless network:1. Click New in the Networks tab and select the appropriate Primary usage.2. Click Next to continue.NOTE: Dell does not recommend to use the LEAP authentication method because it does not provide any resistance to networkattacks.