Securing a wireless network with 802.1x + WPA

Unanswered Question
Aug 19th, 2009

I'm currently in the process of designing a new wireless network and am looking to do both authorization from a RADIUS server (Active Directory) and encryption using WPA. Rather than setting a pre-shared key and distributing it to all the users I would rather have the AP automatically distribute the encryption key after the user has authenticated. Is this possible? If so, which Cisco AP's support this functionality?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Robert.N.Barrett_2 Wed, 08/19/2009 - 12:36

I don't think you can do that. You might want to think about the following (if you have all Windows clients)

- Use PEAP machine authentication and push out the config (over the wire) via GPO

- Configure a domain controller with PKI (Certificate Services) and machine auto-enrollment. Use EAP-TLS for authentication, and push out the wireless config via GPO

- Use WPA with PSK and push out the config via GPO.

The only problem is that your wireless client config would need to be pushed out over the wire (not wireless) via GPO. This also assumes that your wireless supplicant is Wireless Zero Config (and not the Intel PROset or Cisco Aironet stuff).

I'm afraid you're going to have to touch the machines one way or the other, but you can touch them remotely (via GPO) or touch the manually to configure the wireless settings.


This Discussion



Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode