Click “Finish” to complete the Automatic Certificate Request Setup
18.
Go to Start > Run, and type “command” and click “Enter” to open
19.
Command Prompt.
Type “secedit/refreshpolicy machine_policy” to refresh policy.
20.
66
Adding Internet Authentication Service
21. Go to Start > Control Panel > Add or Remove Programs
Select “Add/Remove Windows Components” from the panel on the left.
22.
Select “Internet Authentication Service”, and click “OK” to install.
23.
67
Setting Internet Authentication Service
24. Go to Start > Program > Administrative Tools > Internet Authentication
Service
Right-click “Client”, and select “New Client”
25.
68
26. Enter the IP address of the Access Point in the Client address text field, a
memorable name for the Access Point in the
access password used by the Access Point in the
Re-type the password in the
Click “Finish” to complete adding of the Access Point.
27.
Confirmed shared secret text field.
Client-Vendor text field, the
Shared secret text field.
69
28. In the Internet Authentication Service, right-click “Remote Access Policies”
Select “New Remote Access Policy”.
29.
Select “Day-And-Time-Restriction”, and click “Add” to continue.
30.
70
31. Unless you want to specify the active duration for 802.1x authentication, click
OK” to accept to have 802.1x authentication enabled at all times.
“
Select “Grant remote access permission”, and click “Next” to continue.
32.
71
33. Click “Edit Profile” to open up
72
For TLS Authentication Setup (Steps 34 ~ 38)
34. Select “Authentication” Tab
Enable “Extensible Authentication Protocol”, and select “Smart Card or
35.
other Certificate
” for TLS authentication
73
36. Go to Start > Program > Administrative Tools > Active Directory Users and
Computers
Select “Users”, and double-click on the user that can be newly created or
37.
currently existing, who will be configured to have the right to obtain digital
certificate remotely.
Please note that in this case, we have a user called,
used to obtain the digital certificate from server.
test, whose account/password are
74
38. Go to the “Dial-in” tab, and check “Allow access” option for Remote Access
Permission and “
No Callback” for Callback Options.
75
For MD5 Authentication (Steps 39 ~ 54)
39. Go to Start > Program > Administrative Tools > Active Directory Users and
Computers.
Right click on the domain, and select “Properties”
40.
76
41. Select “Group Policy” tab, and click “Edit” to edit the Group Policy.
77
42. Go to “Computer Configuration” > “Windows Settings” > “Security Settings”
> “Account Policies” > “
Password Policies”
Click “Define this policy setting”, select “Enabled”, and click “OK” to
43.
continue.
78
44. Go to Start > Program > Administrative Tools > Active Directory Users and
Computers
Go to Users. Right-click on the user that you are granting access, and select
45.
Properties”
“
.
79
46. Go to “Account” tab, and enable “Store password using reversible
encryption
Click “OK” to continue.
47.
”
80
48. Go to Start > Program > Administrative Tools > Internet Authentication
Service
Go to Remote Access Policies
49.
Make sure that MD5 is moved up to Order 1
50.
Right-click “MD5”, and select “Properties”
51.
.
81
52. Go to “Authentication” tab
Enable “Extensible Authentication Protocol”
53.
Select “MD5-Challenge” for EAP type.
54.
82
APPENDIX D: GLOSSARY
Access Point ― An internetworking device that seamlessly connects wired and
wireless networks.
Ad-Hoc ― An independent wireless LAN network formed by a group of computers,
each with an network adapter.
AP Client – One of the additional AP operating modes offered by 22Mbps Access
Point, which allows the Access Point to act as an Ethernet-to-Wireless Bridge, thus a
LAN or a single computer station can join a wireless ESS network through it.
ASCII – American Standard Code for Information Interchange, ASCII, is one of the
two formats that you can use for entering the values for WEP key. It represents English
letters as numbers from 0 to 127.
Authentication Type
supported by the Access Point:
Open System : Open System authentication is the simplest of the available
1.
authentication algorithms. Essentially it is a null authentication algorithm.
Any station that requests authentication with this algorithm may become
authenticated if 802.11 Authentication Type at the recipient station is set to
Open System authentication.
Shared Key : Shared Key authentication supports authentication of stations
2.
as either a member of those who knows a shared secret key or a member of
those who does not.
Backbone ― The core infrastructure of a network, which transports information from
one central location to another where the information is unloaded into a local system.
Bandwidth ― The transmission capacity of a device, which is calculated by how
much data the device can transmit in a fixed amount of time expressed in bits per
second (bps).
― Indication of an authentication algorithm which can be
Basic Rate
value 1,2,5.5, 11 and 22 Mbps for selection.
― the fixed transmitted and receiving data rate allowed by the AP with the
83
Beacon ― A beacon is a packet broadcast by the Access Point to keep the network
synchronized. Included in a beacon are information such as wireless LAN service
area, the AP address, the Broadcast destination addresses, time stamp, Delivery
Traffic Indicator Maps, and the Traffic Indicator Message (TIM).
Bit ― A binary digit, which is either -0 or -1 for value, is the smallest unit for data.
Bridge
― An internetworking function that incorporates the lowest 2 layers of the OSI
network protocol model.
Browser ― An application program that enables one to read the content and interact
in the World Wide Web or Intranet.
BSS ― BSS stands for “Basic Service Set”. It is an Access Point and all the LAN PCs
that associated with it.
Channel ― The bandwidth which wireless Radio operates is divided into several
segments, which we call them “Channels”. AP and the client stations that it
associated work in one of the channels.
CSMA/CA ― In local area networking, this is the CSMA technique that combines
slotted time-division multiplexing with carrier sense multiple access/collision
detection (CSMA/CD) to avoid having collisions occur a second time. This works
best if the time allocated is short compared to packet length and if the number of
situations is small.
CSMA/CD ― Carrier Sense Multiple Access/Collision Detection, which is a LAN
access method used in Ethernet. When a device wants to gain access to the network,
it checks to see if the network is quiet (senses the carrier). If it is not, it waits a
random amount of time before retrying. If the network is quiet and two devices
access the line at exactly the same time, their signals collide. When the collision is
detected, they both back off and wait a random amount of time before retrying.
DHCP
― Dynamic Host Configuration Protocol, which is a protocol that lets
network administrators manage and allocate Internet Protocol (IP) addresses in a
network. Every computer has to have an IP address in order to communicate with
each other in a TCP/IP based infrastructure network. Without DHCP, each computer
must be entered in manually the IP address. DHCP enables the network
administrators to assign the IP from a central location and each computer receives an
IP address upon plugged with the Ethernet cable everywhere on the network.
DSSS
― Direct Sequence Spread Spectrum. DSSS generates a redundant bit pattern
for each bit to be transmitted. This bit pattern is called a chip (or chipping code). The
longer the chip, the greater the probability that the original data can be recovered. Even
if one or more bits in the chip are damaged during transmission, statistical techniques
embedded in the radio can recover the original data without the need for retransmission.
84
To an unintended receiver, DSSS appears as low power wideband noise and is rejected
(ignored) by most narrowband receivers.
Dynamic IP Address ― An IP address that is assigned automatically to a client
station in a TCP/IP network by a DHCP server.
Encryption ― A security method that uses a specific algorithm to alter the data
transmitted, thus prevent others from knowing the information transmitted.
ESS
― ESS stands for “Extended Service Set”. More than one BSS is configured to
become Extended Service Set. LAN mobile users can roam between different BSSs in
an ESS.
ESSID ― The unique identifier that identifies the ESS. In infrastructure association ,
the stations use the same ESSID as AP’s to get connected.
Ethernet ― A popular local area data communications network, originally developed
by Xerox Corp., that accepts transmission from computers and terminals. Ethernet
operates on a 10/100 Mbps base transmission rate, using a shielded coaxial cable or
over shielded twisted pair telephone wire.
Fragmentation ― When transmitting a packet over a network medium, sometimes
the packet is broken into several segments, if the size of packet exceeds that allowed
by the network medium.
Fragmentation Threshold –
The Fragmentation Threshold defines the number of
bytes used for the fragmentation boundary for directed messages. The purpose of
"Fragmentation Threshold" is to increase the transfer reliability thru cutting a MAC
Service Data Unit (MSDU) into several MAC Protocol Data Units (MPDU) in smaller
size. The RF transmission can not allow to transmit too big frame size due to the heavy
interference caused by the big size of transmission frame. But if the frame size is too
small, it will create the overhead during the transmission.
Gateway
―a device that interconnects networks with different, incompatible
communication protocols.
HEX – Hexadecimal, HEX, consists of numbers from 0 – 9 and letters from A – F.
IEEE ― The Institute of Electrical and Electronics Engineers, which is the largest
technical professional society that promotes the development and application of
electrotechnology and allied sciences for the benefit of humanity, the advancement of
the profession. The IEEE fosters the development of standards that often become
national and international standards.
Infrastructure ― An infrastructure network is a wireless network or other small
network in which the wireless network devices are made a part of the network through
the Access Point which connects them to the rest of the network.
ISM Band ― The FCC and their counterparts outside of the U.S. have set aside
85
bandwidth for unlicensed use in the ISM (Industrial, Scientific and Medical) band.
Spectrum in the vicinity of 2.4GHz, in particular, is being made available worldwide.
MAC Address ― Media Access Control Address is a unique hex number assigned
by the manufacturer to any Ethernet networking device, such as a network adapter,
that allows the network to identify it at the hardware level.
Multicasting ― Sending data to a group of nodes instead of a single destination.
Multiple Bridge – One of the additional AP operating modes offered by 22Mbps
Access Point, which allows a group of APs that consists of two or more APs to connect
two or more Ethernet networks or Ethernet enabled clients together. The way that
multiple bridge setup is based on the topology of Ad-Hoc mode.
Node
― A network junction or connection point, typically a computer or workstation.
Packet ― A unit of data routed between an origin and a destination in a network.
PLCP
― Physical layer convergence protocol
PPDU ― PLCP protocol data unit
Preamble Type ― During transmission, the PSDU shall be appended to a PLCP
preamble and header to create the PPDU. Two different preambles and headers are
defined as the mandatory supported long preamble and header which interoperates
with the current 1 and 2 Mbit/s DSSS specification as described in IEEE Std
802.11-1999, and an optional short preamble and header. At the receiver, the PLCP
preamble and header are processed to aid in demodulation and delivery of the PSDU.
The optional short preamble and header is intended for application where maximum
throughput is desired and interoperability with legacy and non-short-preamble capable
equipment is not consideration. That is, it is expected to be used only in networks of
like equipment that can all handle the optional mode. (IEEE 802.11b standard)
PSDU ― PLCP service data unit
Roaming ― A LAN mobile user moves around an ESS and enjoys a continuous
connection to an Infrastructure network.
RTS ― Request To Send. An RS-232 signal sent from the transmitting station to
the receiving station requesting permission to transmit.
RTS Threshold
― Transmitters contending for the medium may not be aware of each
other. RTS/CTS mechanism can solve this “Hidden Node Problem”. If the packet size
is smaller than the preset RTS Threshold size, the RTS/CTS mechanism will NOT be
enabled.
86
SSID ― Service Set Identifier, which is a unique name shared among all clients and
nodes in a wireless network. The SSID must be identical for each clients and nodes
in the wireless network.
Subnet Mask ― The method used for splitting IP networks into a series of
sub-groups, or subnets. The mask is a binary pattern that is matched up with the IP
address to turn part of the host ID address field into a field for subnets.
TCP/IP
― Transmission Control Protocol/ Internet Protocol. The basic
communication language or protocol of the Internet. It can also be used as a
communications protocol in a private network, i.e. intranet or internet. When you
are set up with direct access to the Internet, your computer is provided with a copy of
the TCP/IP program just as every other computer that you may send messages to or
get information from also has a copy of TCP/IP.
Throughput
― The amount of data transferred successfully from one point to
another in a given period of time.
― Wired Equivalent Privacy (WEP) is an encryption scheme used to protect
WEP
wireless data communication. To enable the icon will prevent other stations without the
same WEP key from linking with the AP.
Wireless Bridge – One of the additional AP operating modes offered by 22mpbs
Access Point, which allows a pair of APs to act as the bridge that connects two
Ethernet networks or Ethernet enabled clients together.
87
APPENDIX E: TECHNICAL SPECIFICATION
Standard 802.11b compliant (wireless)
Data Rate 1 / 2 / 5.5 / 11 / 22 Mbps
Emission Type Direct Sequence Spread Spectrum (DSSS)