Setting Up RN400 Enterprise Security

Thank you for purchasing the DEKIST RN400 product.

The model is mainly composed of two types, H2 and T2. H2 model has 2 PS and EX, and T2 model is divided into 2 PS, EX, TS, CS, GS, PM to execute various sensor monitoring.

All RN400 models support the WPA2-Enterprise method, which is supplemented to the user authentication area.

Key Terms: User Authentication, RADIUS, Enterprise Supported Router, PEM

1. What do you need to use enterprise security?

enterprise security RADIUS server와 ENTERPRISEA router AP that supports Certificate CA.PEM The file should be ready.
The RADIUS server is a server that manages authentication and authorization for each user in the company. Dedicated routers supporting enterprise internally support RADIUS server.

2. Install the certificate CA.PEM file on the RN400.

• Path setting – certificate ca.pem file Micro SD cardof /cert/ca.pem pathSave in advance. Micro SD card supports only FAT 32 format file system.
• Inserting – Insert the SD card where the certificate file is stored in the correct path into the SD card slot of the RN400. insertion합니다.
• Power supply – Power is supplied by pressing the 'POWER ON/OFF' button located on the right under the front display.
• Installation – Use the 'W' and 'S' buttons on the front panel to activate the 'Menu' on the display to enter the 'CONFIG MODE(AP)' stage, and then press the 'W' button to proceed with the installation.

RN400 is Enterprise authentication methodIt recognizes only files in PEM format. You can convert it to a file in PEM format via the link below.
Convert to PEM file

3. What you need to connect to an enterprise secure router

3-1. Prepare a certificate for accessing the RADIUS server
When saving the'RADIUS server connection certificate' in the SD card, the file name must be changed to'ca.pem'. The created file is saved in the /cert folder.

3-2. ID / PASSWORD of RADIU server
If you have been given an ID and password, enter the information you were given while setting up the router with your smartphone.

RN400 Installation Guide

3-3. The router's SSID and KEY value.
Enter the SSID and KEY value of the enterprise router you want to access.

MSCHAPV2 is mainly used for secondary authentication.

RN400 does not support CISCO's GTC method.

key terms

• User Authentication: User Authentication. Establishing validity of the identity claim of the counterparty between the parties to a transaction (process, server, equipment, etc.) during a session
• RADIUS : Remote Authentication Dial In User Service. A distributed security system (authentication protocol) developed by Livingston Enterprises in the mid-1990s
• PEM: Privacy Enhanced Mail Certificate
• 802.1X : Port Based Network Access Control (June 2001 standard authentication)
• EAP: Extensible Authentication Protocol. A universal authentication framework that enables multiple authentication methods to be selected by encapsulating multiple authentication protocols.

Compared to the method that WPA-PSK intensively complemented the existing WEP encryption/decryption key management method, WPA2-Enterpriseis a method that complements the user authentication area.
WPA2-EAPCalled as WPA2 Enterprise The method adopted various security standards and algorithms to strengthen authentication and encryption, and the most important and key point is the IEEE 802.1X standardIETF's EAP authentication protocol was adopted to accommodate various authentication mechanisms.
In order to implement the WPA2-EAP method in a large-scale wireless LAN environment, it is necessary to perform user authentication as well as client and AP. Authentication Serveris added separately because it accommodates the requirements of the 802.1X standard for WPA-EAP implementation.