Big Help: WPA-RADIUS-w2k3

bigstusexy

We want to run some wireless where I am, and I've been high on telling everyone that I've heard the most secure option is WPA tied into a RADIUS server. I'm familiar with RRAS and I'm looking through it right now, and it's now that it hits me that I've always read about how to tell RRAS how to look for the RADIUS server, never how to create one.

I need help in implementing this. I'll be looking around the web, but any insight you can give would be great.

Basically:
We have Cisco Aironet 1100s with the upgraded 54G radios
2k3 boxes and some 2k boxes, but every site has at least one 2k3 server.

Our layout is basically star: we have a main site and remote sites branch off of us. I was thinking each site should have its own RADIUS server, or perhaps one in the main office and all other servers link to that one.

So if you've got founded ideas, information, let me know.

EDIT: I'm currently reading this paper.
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/ed80211.mspx
 
Here are some keywords: 802.1x, PKI, Certificate Authority, IAS (Windows RADIUS).

What you need to look into is setting up 802.1x. 802.1x is the mechanism for what it seems you are trying to accomplish. This requires a RADIUS server and a Public Key Infrastructure. Windows PKI benefits from group policy for deployment, so Active Directory is a bonus here as well.

With that being said, do a search for "Windows 802.1x".
 
PKI is hard enough to implement on its own. Good luck rolling that in with the wireless authentication scheme as well.
 
BobSutan said:
PKI is hard enough to implement on its own. Good luck rolling that in with the wireless authentication scheme as well.
After you've done it a few times, it's not that bad. It just takes patience and a lot of troubleshooting.
 
You scare me Bob, you scare me bad!

Since my boss wants this done next week, he's kinda given me a reprieve to do two with WEP just to shut some people up, and I can continue working on this. On top of that, next week I need to get rid of eTrust7 in the district and install Symantec Enterprise 10.1 and probably update to 10.2 district wide, while taking two sites apart and putting them back together. Yeaaa Holidays :)


I'm going to look into it, I was reading that paper when I stopped to look at options on the virus scan replacement and possible use of AutoIt. I hope it doesn't turn into as much of a headache like when I first started using OpenVPN with certificates. Even when they had the Easy RSA batches I still get lost sometimes and if I had to authorize a new client now I'd need to go back and read for 10 minutes.

Thanks for all the suggestions. I get the general gist now of what needs to be done; I just have to look at implementation.
 