16th September 2009, 09:58 PM #1
802.1x-Radius Wireless Authentication
We have recently invested in a Cisco Wireless Lan Controller and 30 Cisco 1252b/g/n access points.
Currently we use a WPA(2)-PSK TKIP setup which is a bit of a pain with almost 300 laptops. So I am thinking that it would be wise to explore using 802.1x and Radius to make it easier and in theory more secure.
We have 2008 DCs and wondered if anyone had experience of doing this themselves or has a guide that they stumbled across? I have seen one relating to Server 2003 on the forum so wondered if anyone has followed this in Server 2008?
Any help or pointers greatly appreciated as this is all new territory to me.
17th September 2009, 09:27 PM #2
We use the WLC with the Cisco radius software. Works pretty well.
Should be similar on a windows radius box.
As you can set up multiple SSIDs on the Cisco kit, try creating one using radius as a test, can't hurt :-)
21st September 2009, 12:29 PM #3
I've done this using the autonomous Cisco APs rather than with a controller and Windows IAS / Radius on our domain controllers using certificates. Works well apart from when a laptop's system clock goes miles off skew for some reason and invalidates the certificate!
I used the Microsoft documentation for Protected EAP but this was all written for Server 2003.
21st September 2009, 12:32 PM #4
21st September 2009, 09:46 PM #5
I did some internal testing of this solution.
Testing setup was a 2008 domain with a Netgear AP. Clients were Windows XP / Windows 7.
Windows XP had a large limitation that the network can authenticate against the domain computer account, but if you want to have user authentication as well, the re-authentication from computer to user happens during the logon process. This breaks roaming user profiles + scripts as the network connection is lost then reconnected. I believe Vista has this same limitation. A Microsoft page said this was by design and not going to be resolved. (Lost the link, I'm afraid.)
Windows 7 resolves this issue by re-authenticating before the normal login process starts, and works well, however as we are not ready to roll out Win7 my testing stopped at that point.
The IAS logs are a bit of a mare to follow, but googling for ias log viewer brings up some shareware software that gives a reasonable hint to the issue in English. It crashes on exit of the program but doesn't seem to do any harm other than that.
22nd September 2009, 11:50 AM #6
Troubleshooting it with IAS was another reason why I use Elektron radius server.