×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Wireless Security?

Unanswered Question
Oct 24th, 2006
User Badges:

Hi,

we have an implementation of Wlan distributed throughout several plant's, where there security implemented is:

1. SSID Hidden

2. 128 Fixed WEP Key

3. Cisco ACS with registration of MacAddress's

And we are then doing authentication based on Mac-Address.

We know that this is really a not safe solution, but what you would recommend, considering that we are Running Microsoft Active Directory, but avoiding the use of Certificates.

Thanks for any recomendation,

Best Regards,

Jorge Sousa

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
Stephen Rodriguez Tue, 10/24/2006 - 09:21
User Badges:
  • Purple, 4500 points or more

well you could do LEAP. You get AD authentication, can do WPA instead of WEP, and there is no need for a certificate.

ethiel Tue, 10/24/2006 - 09:34
User Badges:
  • Gold, 750 points or more

This will have to be driven by your clients and what they support. I have been focusing on WPA2/PEAP lately, for broad client support. PEAP uses a certificate, but only for the ACS server. If your clients support it you could do EAP-FAST, but some clients do not support it.


If you post more info about your client base (OS and hardware) we could probably give more specific reponses.


-Eric


Please remember to rate all helpful posts.



jorge.s Tue, 11/07/2006 - 15:28
User Badges:

My clients are basically Windows XP (sp1 and sp2), still some Windows 95, and some Intermec Scanners.

m.sir Wed, 11/08/2006 - 00:13
User Badges:
  • Gold, 750 points or more

If you dont want use certificates EAP-FAST is best , fast and secure solution - its 802.1X EAP type authentication without using CA

check following Q&A

http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a00802030dc.shtml

ACS setting for EAP-FAST

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00804b9d57.shtml


EAP-FAST Deployment Guide (PDF)

http://www.cisco.com/application/pdf/en/us/guest/products/ps4076/c1067/ccmigration_09186a00802623a2.pdf

M.

Hope that helps rate if it does

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode