802.1X Supplicant

IEEE 802.1X authentication enables the access point to gain access to a secured wired network. You can enable the access point as an 802.1X supplicant (client) on the wired network. A user name and password that are encrypted using the MD5 algorithm can be configured to allow the access point to authenticate using 802.1X.

On networks that use IEEE 802.1X port-based network access control, a supplicant cannot gain access to the network until the 802.1X authenticator grants access. If your network uses 802.1X, you must configure 802.1X authentication information on the WAP device, so that it can supply it to the authenticator.

The 802.1X Supplicant page is divided into three areas: Supplicant Configuration, Certificate File Status, and Certificate File Upload.

The Supplicant Configuration area enables you to configure the 802.1X operational status and basic settings.

Configuring the 802.1X Supplicant

To configure the 802.1X Supplicant:

 1. Select System Security > 802.1X Supplicant in the navigation pane.

 2. Click Refresh to update the Certificate file status.

 3. Enter the parameters:

 • Administrative Mode—Enables the 802.1X supplicant functionality.

 • EAP Method—The algorithm to be used for encrypting authentication user names and passwords.

 – MD5—A hash function defined in RFC 3748 that provides basic security.

 – PEAP—Protected Extensible Authentication Protocol, which provides a higher level of security than MD5 by encapsulating it within a TLS tunnel.

 – TLS—Transport Layer Security, as defined in RFC 5216, an open standard that provides a high level of security.

 • Username—The WAP device uses this username when responding to requests from an 802.1X authenticator. The username can be 1 to 64 characters long. ASCII-printable characters are allowed, which includes uppercase and lowercase alphabetic letters, numeric digits, and all special characters except quotation marks.

 • Password—The WAP device uses this MD5 password when responding to requests from an 802.1X authenticator. The password can be 1 to 64 characters in length. ASCII-printable characters are allowed, which includes uppercase and lowercase alphabetic letters, numeric digits, and all special characters except quotation marks.

Note In EAP-TLS mode, the WAP device uses this Identity when responding to requests from an 802.1X authenticator. The WAP device supports pem format certificate file. The certificate file must include private key and root certificates. The WAP device expects that this certificate file is a password-protected file. The WAP device will use Private Key Password to unlock this certificate file.

 4. Click Save. The changes are saved to the Startup Configuration.

Note After new settings are saved, the corresponding processes may be stopped and restarted. When this happens, the WAP device may lose connectivity. We recommend that you change WAP device settings when a loss of connectivity will least affect your wireless clients.

 

The Certificate File Status area shows whether a current certificate exists:

 • Certificate File Present—Indicates whether the HTTP SSL Certificate file is present. The field shows Yes if it is present. The default setting is No.

 • Certificate Expiration Date—Indicates when the HTTP SSL Certificate file will expire. The range is a valid date.

Uploading a Certificate File to the AP

The Certificate File Upload area enables you to upload a certificate file to the AP:

 1. Select either HTTP or TFTP as the Transfer Method.

 2. If you selected HTTP, click Browse to select the file.

Note To configure the HTTP and HTTPS server settings, see HTTP/HTTPS Service.

If you selected TFTP, enter the Filename and the TFTP Server IPv4 Address. The filename cannot contain the following characters: spaces, <, >, |, \, : , (, ), &, ; , #, ? , *, and two or more successive periods.

 3. Click Upload.

A confirmation window appears, followed by a progress bar to indicate the status of the upload.