10-24-2006 08:59 AM - edited 07-03-2021 01:08 PM
Hi,
we have an implementation of Wlan distributed throughout several plant's, where there security implemented is:
1. SSID Hidden
2. 128 Fixed WEP Key
3. Cisco ACS with registration of MacAddress's
And we are then doing authentication based on Mac-Address.
We know that this is really a not safe solution, but what you would recommend, considering that we are Running Microsoft Active Directory, but avoiding the use of Certificates.
Thanks for any recomendation,
Best Regards,
Jorge Sousa
10-24-2006 09:21 AM
well you could do LEAP. You get AD authentication, can do WPA instead of WEP, and there is no need for a certificate.
10-24-2006 09:34 AM
This will have to be driven by your clients and what they support. I have been focusing on WPA2/PEAP lately, for broad client support. PEAP uses a certificate, but only for the ACS server. If your clients support it you could do EAP-FAST, but some clients do not support it.
If you post more info about your client base (OS and hardware) we could probably give more specific reponses.
-Eric
Please remember to rate all helpful posts.
11-07-2006 03:28 PM
My clients are basically Windows XP (sp1 and sp2), still some Windows 95, and some Intermec Scanners.
11-08-2006 12:13 AM
If you dont want use certificates EAP-FAST is best , fast and secure solution - its 802.1X EAP type authentication without using CA
check following Q&A
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a00802030dc.shtml
ACS setting for EAP-FAST
EAP-FAST Deployment Guide (PDF)
M.
Hope that helps rate if it does
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide