Re: 802.1x RADIUS Deployment in Wireless LAN

From: Eric Hagen (eric_at_sandpile.net)
Date: 11/25/03

  • Next message: Rodrigo Otaviano: "Re: ISA blocking ICQ" 
    Date: Tue, 25 Nov 2003 14:50:51 -0600
To: "David J. Jackson" <djackson@netdmz.com>

    Well, I can relay a bit of experience using Cisco's "Secure Access
    Control" platform. You need version 3.2 to properly support the EAP
    that is required for authentication over 802.1x. It's a Windows
    package, but I it's not that inexpensive compared to the open-source route.

    We used Cisco Aironet 1200 access points and got the WPA/TKIP
    authentication to work. That's a dynamic key system and has 100% of
    it's authentication through the SAC server.

    We standardized on 3com client cards because they include strong
    software support for WPA as well as the 802.11i draft standard with AES
    encryption. The Cisco client card was good too, but the range wasn't as
    good for one reason or another.

    Difficulty? Fortunately, we had a few experts on hand, so it wasn't all
    that difficult at all. Unfortunately, for those unfamiliar with all of
    the technologies (including Cisco IOS) it would be very difficult.

    Also, I believe that the wireless card's drivers must support the WPA
    authentication, since it uses a layer-2 encapsulation on the auth
    packets (someone correct me if I'm wrong here).

    Eric

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

  • Next message: Rodrigo Otaviano: "Re: ISA blocking ICQ"

    Relevant Pages

    • Re: WPA2 security settings:
      ... I don't have experience on setting up the radius server build in the Cisco ... The usual picture is the authentication server being is separate machine; ... If you're using radio card X, for example, it might support ...
      (microsoft.public.windowsce.embedded)
    • Re: 802.1x RADIUS Deployment in Wireless LAN
      ... but it does force authentication in order to use the network. ... You need version 3.2 to properly support the EAP ... > We used Cisco Aironet 1200 access points and got the WPA/TKIP ... I believe that the wireless card's drivers must support the WPA ...
      (Security-Basics)
    • Re: Windows Integrated and the domain name
      ... Both NTLM and Kerberos authentication require the full realm and username - that's unfortunately the way both of those two protocols work. ... for a direct integrated windows authentication ... Microsoft Online Community Support ...
      (microsoft.public.inetserver.iis.security)
    • RE: How to Authenticate to WCF Service Via VPN
      ... \par Microsoft MSDN Online Support Lead ... He launches Cisco Systems VPN Client and authenticates as ... \par> includes the service account identity as a user principal name. ... \par> mutual authentication is assumed. ...
      (microsoft.public.dotnet.framework.webservices)
    • SEC:U MIT-MAGIC-COOKIE-1, Motif 1.3 and HP TCP/IP XDM (long)
      ... I am not really wishing to start a "this is typical of DEC/CPQ/HP OpenVMS ... goes unspecified in this forum) requires the support of MIT-MAGIC-COOKIE-1. ... It is also a "policy" that such such an authentication scheme ... > to be absent is tantamount to illuminating a neon sign over VMS saying ...
      (comp.os.vms)