Re: 802.1x RADIUS Deployment in Wireless LAN

From: Jimi Thompson (jimit_at_myrealbox.com)
Date: 11/26/03

    Date: Tue, 25 Nov 2003 21:11:49 -0600
    To: security-basics@securityfocus.com
    
    

    We set up a similar arrangement using FreeRadius, DialUp Admin, and a
    gateway device. Our solution cost us about $700. It did take about a
    week of tinkering, but we are using our now 4-year-old 802.11b Enterasys
    access points that don't support 802.1X. The traffic itself isn't
    encrypted, but it does force authentication in order to use the network.

    Our wireless network is largely for use by students, so your mileage may
    vary greatly.

    HTH,

    Jimi

    Eric Hagen wrote:

    > Well, I can relay a bit of experience using Cisco's "Secure Access
    > Control" platform. You need version 3.2 to properly support the EAP
    > that is required for authentication over 802.1x. It's a Windows
    > package, but it's not that inexpensive compared to the open-source
    > route.
    >
    > We used Cisco Aironet 1200 access points and got the WPA/TKIP
    > authentication to work. That's a dynamic key system and has 100% of
    > its authentication through the SAC server.
    >
    > We standardized on 3com client cards because they include strong
    > software support for WPA as well as the 802.11i draft standard with
    > AES encryption. The Cisco client card was good too, but the range
    > wasn't as good for one reason or another.
    >
    > Difficulty? Fortunately, we had a few experts on hand, so it wasn't
    > all that difficult at all. Unfortunately, for those unfamiliar with
    > all of the technologies (including Cisco IOS) it would be very difficult.
    >
    > Also, I believe that the wireless card's drivers must support the WPA
    > authentication, since it uses a layer-2 encapsulation on the auth
    > packets (someone correct me if I'm wrong here).
    >
    > Eric

