You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

B.2.1 NTP setup (confederation requirement: reliable timing source)

     1. Select your Timezone under Configuration>Date & Time>General
     2. Select Synchronization and check the radio button Synchronize...
     3. Click on the link Time Server (NOT the menu Time Server on the left-hand side, which is only relevant
         if you want the AP to be the time server for its clients).
     4. Click Add and enter your server details:

B.2.2 Logging

     1. Select Configuration>Log &Trace>Syslog and check the box Send information.
     2. Click Syslog clients>add.
     3. Add (minimum) localhost: IP 127.0.0.1, and activate all sources:
The logs that are collected with the localhost setting will show up under
Expert Configuration>Status>TCP-IP>Syslog.

B.2.3 Configuring the SSID

     1. Select Configuration>Wireless LAN>Logical WLAN setting – Network.
     2. Click on one of the available slots, then set the following options as described:
         WLAN network enabled to On.
         Network name (SSID) to eduroam.
         Deselect the box labelled "Suppress SSID broadcast"
         MAC filter enabled to Off.
         Maximum count of clients to 0.
         Client Bridge support to No.

B.2.4 WPA Enterprise security

     1. Configure the RADIUS server to use: Select Configuration – Wireless LAN – IEEE 802.1X – RADIUS
         server.
     2. Click on add and enter your server details:
You must now apply the RADIUS server and encryption scheme to the SSID eduroam:
     3. Select Configuration>Wireless LAN>802.11i/WEP.
     4. Click on WPA or Private WEP setting – 80211.i/WEP.

     5. Click on the slot in which you previously configured the SSID eduroam and enter the following settings:
         Encryption Activated to Activated.
         Method/Key 1 Length to 802.11i(WPA)-802.1x.
         WPA Version to WPA1/2.
         WPA1 Session Key Type to TKIP
         ○ WPA2 Session Key Type to AES

Other settings are irrelevant with WPA-Enterprise:

B.2.5 RADIUS accounting server (optional)

If RADIUS accounting for the eduroam SSID shall be enabled, you must configure a RADIUS server to receive
the accounting messages:

  • Select Expert Configuration>Setup – WLAN – RADIUS-Accounting and complete the server details:
  • Afterwards, activate the actual RADIUS Accounting reporting under Expert Configuration>Setup –
    Interfaces – WLAN – Network – RADIUS-Accounting

B.2.6 Using RadSec instead of RADIUS (optional)

LANCOM devices have a RadSec client built-in. It can be used instead of standard RADIUS for the uplink to an
IdP.

To use RadSec, you must have been given a eduroam Service Provider X.509 certificate from your NRO. First,
upload this certificate and the eduGAIN CA certificate (which can be downloaded at http://sca.edugain.org/cacert/eduGAINCA.pem) via the device's "File Upload" menu:
Then, go to Expert Configuration>Setup>IEEE802.1X>RADIUS Server and set the Protocol option to
RADSEC:
The same option is also present in the RADIUS Accounting server menu that was discussed above. When
RadSec is to be used, we strongly suggest to use it for both authentication and accounting.

  • No labels