Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
398
Views
3
Helpful
4
Replies

Wireless Security?

jorge.s
Level 1
Level 1

‎10-24-2006 08:59 AM - edited ‎07-03-2021 01:08 PM

Hi,

we have an implementation of Wlan distributed throughout several plant's, where there security implemented is:

1. SSID Hidden

2. 128 Fixed WEP Key

3. Cisco ACS with registration of MacAddress's

And we are then doing authentication based on Mac-Address.

We know that this is really a not safe solution, but what you would recommend, considering that we are Running Microsoft Active Directory, but avoiding the use of Certificates.

Thanks for any recomendation,

Best Regards,

Jorge Sousa

Labels:
0 Helpful
4 Replies 4

Stephen Rodriguez
Cisco Employee
Cisco Employee

‎10-24-2006 09:21 AM

well you could do LEAP. You get AD authentication, can do WPA instead of WEP, and there is no need for a certificate.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

ethiel
Level 3
Level 3
In response to Stephen Rodriguez

‎10-24-2006 09:34 AM

This will have to be driven by your clients and what they support. I have been focusing on WPA2/PEAP lately, for broad client support. PEAP uses a certificate, but only for the ACS server. If your clients support it you could do EAP-FAST, but some clients do not support it.

If you post more info about your client base (OS and hardware) we could probably give more specific reponses.

-Eric

Please remember to rate all helpful posts.

0 Helpful

jorge.s
Level 1
Level 1
In response to ethiel

‎11-07-2006 03:28 PM

My clients are basically Windows XP (sp1 and sp2), still some Windows 95, and some Intermec Scanners.

0 Helpful

m.sir
Level 7
Level 7

‎11-08-2006 12:13 AM

If you dont want use certificates EAP-FAST is best , fast and secure solution - its 802.1X EAP type authentication without using CA

check following Q&A

http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a00802030dc.shtml

ACS setting for EAP-FAST

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00804b9d57.shtml

EAP-FAST Deployment Guide (PDF)

http://www.cisco.com/application/pdf/en/us/guest/products/ps4076/c1067/ccmigration_09186a00802623a2.pdf

M.

Hope that helps rate if it does

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card