Home page logo
/

basics logo Security Basics mailing list archives

Re: 802.1x RADIUS Deployment in Wireless LAN
From: Eric Hagen <eric () sandpile net>
Date: Tue, 25 Nov 2003 14:50:51 -0600

Well, I can relay a bit of experience using Cisco's "Secure Access Control" platform. You need version 3.2 to properly support the EAP that is required for authentication over 802.1x. It's a Windows package, but I it's not that inexpensive compared to the open-source route.

We used Cisco Aironet 1200 access points and got the WPA/TKIP authentication to work. That's a dynamic key system and has 100% of it's authentication through the SAC server.

We standardized on 3com client cards because they include strong software support for WPA as well as the 802.11i draft standard with AES encryption. The Cisco client card was good too, but the range wasn't as good for one reason or another.

Difficulty? Fortunately, we had a few experts on hand, so it wasn't all that difficult at all. Unfortunately, for those unfamiliar with all of the technologies (including Cisco IOS) it would be very difficult.

Also, I believe that the wireless card's drivers must support the WPA authentication, since it uses a layer-2 encapsulation on the auth packets (someone correct me if I'm wrong here).

Eric



---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]