Home page logo

basics logo Security Basics mailing list archives

Re: 802.1x RADIUS Deployment in Wireless LAN
From: Jimi Thompson <jimit () myrealbox com>
Date: Tue, 25 Nov 2003 21:11:49 -0600

We set up a similiar arrangement using FreeRadius, DialUp Admin, and a gateway device. Our solution cost us about $700. It did take about a week of tinkering, but we are using our now 4 year old 802.11b Enterasys access points that don't support 801.1X. The traffic itself isn't encrypted, but it does force authentication in order to use the network. Our wireless network is largely for use by students, so your mileage may vary greatly.



Eric Hagen wrote:

Well, I can relay a bit of experience using Cisco's "Secure Access Control" platform. You need version 3.2 to properly support the EAP that is required for authentication over 802.1x. It's a Windows package, but I it's not that inexpensive compared to the open-source route.

We used Cisco Aironet 1200 access points and got the WPA/TKIP authentication to work. That's a dynamic key system and has 100% of it's authentication through the SAC server.

We standardized on 3com client cards because they include strong software support for WPA as well as the 802.11i draft standard with AES encryption. The Cisco client card was good too, but the range wasn't as good for one reason or another.

Difficulty? Fortunately, we had a few experts on hand, so it wasn't all that difficult at all. Unfortunately, for those unfamiliar with all of the technologies (including Cisco IOS) it would be very difficult.

Also, I believe that the wireless card's drivers must support the WPA authentication, since it uses a layer-2 encapsulation on the auth packets (someone correct me if I'm wrong here).


--------------------------------------------------------------------------- ----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]