This lesson describes how to configure an Open BAT as 802.1x authenticator.
You may need to refer to the following lessons for a complete working 802.1x environment (Supplicant - Authenticator - Server):
- How to configure an Open BAT as 802.1x supplicant
- How to use an Open BAT or a Controller as RADIUS Server and set up User accounts
These How to are complementary and use the following settings for the radius authentication:
EAP - PEAP with MSCHAPv2 as tunnel method.
Give the BAT an IP address (in our example: 192.168.1.140)
You can refer to the lesson ""How to give an Open BAT or a WLC an IP address""
Add the BAT in LANconfig
You can refer to the lesson ""How to discover a BAT or a WLC in LANconfig""
Configure the BAT as an Access Point
You can refer to the lesson ""How to configure an Open BAT as Access Point"" but only configure WLAN-1 and refer to this lesson for the security settings.
Enter the RADIUS Server address and shared secret
Configuration > Wireless LAN > 802.1X > RADIUS servers > Add
Give an name to identify the server (this name is only used locally on the Authenticator)
Indicate the IP address of the server (in our example: 192.168.1.150)
Indicate the server port and the shared secret. They will have to match with the ones configured on the RADIUS server
(see to the lesson ""How to use an Open BAT or a Controller as RADIUS Server and set up User accounts"")
Configuration > Wireless LAN > 802.11i/WEP > WPA or Private WEP settings
Select the relevant network (in our case Wireless LAN 1 - Network 1) and Edit
In the new dialog make sure that the encryption is activated.
Select as Method: 802.11i (WPA)-802.1x
In the passphrase field, enter the name of the RADIUS server (the one configured in the precedent step)
This Access Point is now ready to be used as authenticator or NAS (Network Access Server)