Security Basics mailing list archives
Re: 802.1x RADIUS Deployment in Wireless LAN
From: Eric Hagen <eric () sandpile net>
Date: Tue, 25 Nov 2003 14:50:51 -0600
Well, I can relay a bit of experience using Cisco's "Secure Access Control" platform. You need version 3.2 to properly support the EAP that is required for authentication over 802.1x. It's a Windows package, but I it's not that inexpensive compared to the open-source route.
We used Cisco Aironet 1200 access points and got the WPA/TKIP authentication to work. That's a dynamic key system and has 100% of it's authentication through the SAC server.
We standardized on 3com client cards because they include strong software support for WPA as well as the 802.11i draft standard with AES encryption. The Cisco client card was good too, but the range wasn't as good for one reason or another.
Difficulty? Fortunately, we had a few experts on hand, so it wasn't all that difficult at all. Unfortunately, for those unfamiliar with all of the technologies (including Cisco IOS) it would be very difficult.
Also, I believe that the wireless card's drivers must support the WPA authentication, since it uses a layer-2 encapsulation on the auth packets (someone correct me if I'm wrong here).
Eric --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- 802.1x RADIUS Deployment in Wireless LAN David J. Jackson (Nov 25)
- Re: 802.1x RADIUS Deployment in Wireless LAN Eric Hagen (Nov 25)
- Re: 802.1x RADIUS Deployment in Wireless LAN Jimi Thompson (Nov 26)
- <Possible follow-ups>
- RE: 802.1x RADIUS Deployment in Wireless LAN Batkin, Seva (Nov 25)
- RE: 802.1x RADIUS Deployment in Wireless LAN shankarnarayan . d (Nov 26)
- RE: 802.1x RADIUS Deployment in Wireless LAN shankarnarayan . d (Nov 26)
- Re: 802.1x RADIUS Deployment in Wireless LAN Eric Hagen (Nov 25)