Authentication on a Wireless Network

Unanswered Question
Aug 18th, 2010
User Badges:

Hi all,


I have 2 standalone networks to be deployed in a hotel area on ground and 20th floor. We have a 5M internet link provided by the ISP for the users. I will be usingAIR-WLC4402-12-K9 with AIR-LAP1142N-N-K9 for providing wireless connectivity.


I need to provide some kind of authentication for the users at the site.


1) Can we have a common shared key for user authentication? Like WPA1 or WPA2? How will the keys be generated and how will the WLCs authorize the generated keys? can it act like a local ACS server?


My understanding is User tries to associate with a SSID---> WLC asks for a key--> User enters the password (common to all)-->Key is generated --> User gets IP to connect to the network


Please let me know if my understanding is correct


As It is not possible to give username and pwds to all the users, I  would like to know how this authentication is best implemented?


Appreciate your help!!


Cheers

Navneet

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Rollin Kibbe Wed, 08/18/2010 - 07:03
User Badges:
  • Cisco Employee,

Navneet:


The title of your post cites authentication, yet WPA keys have nothing to do with authentication, they have to do with encryption and key management.


In most public places like what you're describing where there's a wireless LAN controller, web authentication is used.  Guest accounts can be created (that expire or don't expire) and guest users log into a page with the guest user account name and password.  The authentication can be done on the controller or it can go to an external authentication server.  There's a great doc about it:


Wireless LAN Controller Web Authentication Configuration Example

http://tools.cisco.com/squish/Be171


Sincerely,


Rollin Kibbe

Network Management Systems Team

Actions

This Discussion

 

 

Trending Topics - Security & Network