Configuring wireless network clients

Mac OS client

 

To configure network preferences

1. Right-click the AirPort icon in the toolbar and select Open Network Preferences.

2. Select Advanced and then select the 802.1X tab.

3. If there are no Login Window Profiles in the left column, select the + button and then select Add Login Window Profile.

4. Select the Login Window Profile and then make sure that both TTLS and PEAP are selected in Authentication.

 

To configure the WPA-Enterprise network connection

1. Select the AirPort icon in the toolbar.

2. Do one of the following:

 

  • If the network is listed, select the network from the list.
  • Select Connect to Other Network.

 

One of the following windows opens, depending on your selection.

3. Enter the following information and select OK or Join:

 

Network name                         Enter the SSID of your wireless network. (Other network only)

Wireless Security                   WPA Enterprise

802.1X                                      Automatic

Username

Password

Enter your logon credentials for the wireless network.

Remember this network        Select.

You are connected to the wireless network.

 

Mac OS supports only PEAP with MSCHAPv2 authentication and therefore can authen- ticate only to a RADIUS server, not an LDAP or TACACS+ server

 

Linux client

This example is based on the Ubuntu 10.04 Linux wireless client.

 

To connect to a WPA-Enterprise network

1. Select the Network Manager icon to view the Wireless Networks menu.

Wireless networks that broadcast their SSID are listed in the Available section of the menu. If the list is long, it is continued in the More Networks submenu.

2. Do one of the following:

  • Select the network from the list (also check More Networks).
  • Select Connect to Hidden Wireless Network.

 

One of the following windows opens, depending on your selection.

3. Enter the following information:

Connection                                Leave as New. (Hidden network only)

Network name                           Enter the SSID of your wireless network. (Hidden network only)

Wireless Security                      WPA & WPA2 Enterprise

Authentication                           Protected EAP (PEAP) for RADIUS-based authentication

Tunneled TLS for TACACS+ or LDAP-based authentication

Anonymous identity                 This is not required.

CA Certificate                            If you want to validate the AP’s certificate, select the UTN-USERFirst-Hard- ware root certificate. The default location for the certificate is

/usr/share/ca-certificates/mozilla/.

PEAP version                             Automatic (applies only to PEAP)

Inner authentication                 MSCHAPv2 for RADIUS-based authentication

PAP or CHAP for TACACS+ or LDAP-based authentication

Username

Password

Enter your logon credentials for the wireless network.

4. If you did not select a CA Certificate above, you are asked to do so. Select Ignore.

5. Select Connect. You are connected to the wireless network.

 

To connect to a WPA-Enterprise network

1. Select the Network Manager icon to view the Wireless Networks menu.

2. Select the network from the list (also check More Networks).

If your network is not listed (but was configured), select Connect to Hidden Wireless Network, select your network from the Connection drop-down list, and then select Connect.

 

 

Troubleshooting

Using tools provided in your operating system, you can find the source of common wireless networking problems.

 

Checking that client received IP address and DNS server information

Windows XP

1. Double-click the network icon in the taskbar to display the Wireless Network Connection Status window. Check that the correct network is listed in the Connection section.

2. Select the Support tab.

Check that the Address Type is Assigned by DHCP. Check that the IP Address, Subnet Mask, and

Default Gateway values are valid.

3. Select Details to view the DNS server addresses.

The listed address should be the DNS serves that were assigned to the WAP. Usually a wireless network that provides access to the private LAN is assigned the same DNS servers as the wired private LAN. A wireless network that provides guest or customer users access to the Internet is usually assigned public DNS servers.

4. If any of the addresses are missing, select Repair.

If the repair procedure doesn’t correct the problem, check your network settings.

 

Mac OS

1. From the Apple menu, open System Preferences > Network.

2. Select AirPort and then select Configure.

3. On the Network page, select the TCP/IP tab.

4. If there is no IP address or the IP address starts with 169, select Renew DHCP Lease.

5. To check DNS server addresses, open a terminal window and enter the following command:

cat /etc/resolv.conf

Check the listed nameserver addresses. A network for employees should us the wired private LAN DNS server. A network for guests should specify a public DNS server.

 

Linux

This example is based on the Ubuntu 10.04 Linux wireless client.

1. Right-click the Network Manager icon and select Connection Information.

2. Check the IP address, and DNS settings. If they are incorrect, check your network settings.

 


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos