How to Configure 802.1x to Secure the Wireless Environment with an External AD Server?
The example instructs how to set up the NXC controller with an external AD server. When the station wants to connect with the AP, you can use an AAA server to provide access control to your network. In this example, the AD server is external but not embedded in the NXC controller, and the controller is already set to use the AD server for authentication.
Configure AD Server Setting
1 Go to CONFIGURATION > Object > AAA Server > Active Directory, click #1 ad, and then click Edit to configure AD server’s information.
2 In Server Settings, enter Server Address. Here use 188.8.131.52 as the example. Go to AD server to check Base DN. Here is an example for checking the Base DN on Windows server, and it can be copied from clicking right on the domain name > properties > Attribute Editor> distinguished Name > View.
3 In Server Authentication, enter Bind DN and Password. You can check Bind DN in the AD server. In the AD server, clicking right on the Administrator > properties > Attribute Editor > distinguished Name > View. The Password is Administrator’s password in the AD server.
4 In Doman Authentication for MSChap, check Enable and enter the User Name, User Password, Realm, and NetBIOS Name. The Realm is the domain name of the AD server.
5 After finishing the configuration, enter administrator as the Username and click Test in Configuration Validation.
6 Go to CONFIGURATION > Object > Auth. Method. Select to the default method, and click Edit. Select the AD server you create. Click OK.
7 Go to CONFIGURATION > System > Date/Time and check Current Time and Date. The date and time must be the same as the date and time of the AD server. If it’s different, you can select the correct time zone in Time Zone Setting.
8 Go to CONFIGURATION > System > Host Name. Set the domain name as you set on the AD server.
9 Go to CONFIGURATION > System > DNS for setting domain zone information. In Domain Zone Forwarder, click Add to add a new domain zone. Enter the Domain Zone and Public DNS Server which is the AD server’s IP.
Configure AP Profile
1 Configure AP profile to use 802.1x authentication that the user needs to log in with their ID and Password when connecting to AP’s SSID. Go to CONFIGURATION > Object > AP Profile > SSID > Security List, click Add to add security for 802.1x.
In General Settings, enter the Profile Name and change Security Mode to wpa2.
In Radius Settings, select to Internal and it means the authentication needs NXC to communicate with an external AD server.
In Authentication Settings, select to 802.1x and Auth. Method is default. Click OK.
2 Go to CONFIGURATION > Object > AP Profile > SSID > SSID List, click add to add a SSID for the connection with 802.1x security. Key in the Profile Name and SSID, and change Security Profile to ADtest which you configured in step1. Click OK to save.
3 Go to CONFIGURATION > Wireless > AP Management > AP Group, select the default AP profile and edit. Select ADtest in the SSID Profile. Click OK to apply the SSID to AP.
- 6.8K All Categories
- 1.4K Nebula
- 29 Nebula Ideas
- 37 Nebula Status and Incidents
- 3.9K Security
- 200 Security Ideas
- 723 Switch
- 30 Switch Ideas
- 600 WirelessLAN
- 8 WLAN Ideas
- 4.5K Consumer Product
- 98 Service & License
- 214 New and Release
- 68 Stories
- 38 Security Advisories
- 512 FAQ
- 237 Nebula FAQ
- 117 Security FAQ
- 72 Switch FAQ
- Network Reliability
- Network Security
- Layer 3 Switching & Routing
- Surveillance / ONVIF
- Other Topics
- 65 WirelessLAN FAQ
- 5 Consumer Product FAQ
- 30 Nebula Monthly Express
- 43 About Community
- 31 Security Highlight