×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Best way to secure Aironet 1200 for small office

Unanswered Question
Aug 5th, 2006
User Badges:

We are getting ready to install 4 aironet 1200 AP's into an office that will only be used by 5 people with T43 Thinkpads (Intel 2200 built-in card).


What is the best method to secure the connection and prevent the outside world from accessing our internal network?


I don't feel WEP/WPA encryption is enough -- Would be interested in using the built in security that comes with the Aironet and not an external security server, yet.


Any info or push in the right direction is greatly appreciated.


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
scottmac Sat, 08/05/2006 - 14:03
User Badges:
  • Green, 3000 points or more

You could pretty easily use the "local" RADIUS built-in to the AP firmware and implement LEAP or EAP-FAST.


Both are pretty easy to set up, the AP can handle that small load without any real performance issues, and the Intel client software supports it (you'll want to make sure all the client software and drivers are the most recent, there were some issues in the past).


Both LEAP and EAP-FASt will support seamless roaming, You'd set one of the APs up for WDS and the others to point to it.


Admin (add/change/delete users) via the Web GUI is also pretty straight forward.


Good Luck


Scott




nyciscotech Mon, 08/07/2006 - 14:57
User Badges:

Thanks buddy! Any configuration guides you can think of that would get me started with EAP-FAST and the local radius? I found a configuration guide from cisco but it requires an ACS server

scottmac Tue, 08/08/2006 - 08:03
User Badges:
  • Green, 3000 points or more

Your best bet (probably) would be to use the Web GUI. Just aim your browser at the AP's address.


The Local RADIUS server is set up in the "Security" link. The only trick there is to make sure you use *exactly* the same key (spaces are significant) when you set up the other APs.


The online help offered (icon in the upper right of the WebGUI) is likely all you'll need.


If not, let us know.


Good Luck


Scott


nyciscotech Tue, 08/15/2006 - 19:20
User Badges:

I configured the 1200 for EAP-Fast with Open WEP encryption. I also installed the latest Intel software and drivers.


At first, it wouldn't connect at all.


Then I disabled "Cisco Extensions" on the 1200. After this I could get the PAC provisioned and the built-in radius log shows "successful provisions". But it doesn't show anything about successful username/passwords.


Seems like it's getting held up passing the authentication credentials somewhere.


Any suggestions? Unfortunately all of the thinkpads have the Intel cards.


Thanks!

Actions

This Discussion