Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
482
Views
0
Helpful
6
Replies

What's the best wireless security without external Radius?

Randall White
Level 3
Level 3

‎10-13-2005 08:37 PM - edited ‎07-04-2021 11:13 AM

Hi All,

What's the best wireless security method assuming I do not use an external Radius server? This is a small installation, with a few 1230 APs. I don't want to put in a separate Radius server (or run IPSec over the WLAN), but I would like something more secure than WEP.

What are my options? Is it possible to do some kind of EAP or 802.1x with the on board Radius server? What about authenticating to Windows AD? Sorry if I'm ignorant, but I don't do much wireless work.

Thanks, Randy

Labels:
0 Helpful
6 Replies 6

thisisshanky
Level 11
Level 11

‎10-13-2005 09:02 PM

I think the onboard radius server on AP supports LEAP. Otherwise your best options are to use WEP, TKIP and MIC if clients do support that, have a WEP rotation policy (frequently), terminate the wireless lan vlan to a dmz of a firewall, to isolate it from your wired network, etc. You can additionally use mac-address filtering if the number of clients are not large in number.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
0 Helpful

alonzo-garza
Level 1
Level 1
In response to thisisshanky

‎11-14-2005 11:22 AM

Shanky,

I found this post from an earlier topic but I had a question for you! Do you think it would be wise for me to use the Windows built in option for IAS as a RADIUS server for all my 1200,1300,1400 AAA security? I'm trying to see if we can still use PEAP encryption from the Cisco AP / bridge to the Windows Server without having to purchase a new Cisco server / software / license agreement. I figure if we can get the same security from the in house OS's than why not utilize IAS ( Internet Authentication Service)

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/4a9f7fcf-e98d-4178-ba1b-a1c3aa460844.mspx

Thanks

-Alonzo

0 Helpful

thisisshanky
Level 11
Level 11
In response to alonzo-garza

‎11-14-2005 11:39 AM

Alonzo,

That should work.

http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801bd035.shtml

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
0 Helpful

o-ziltener
Level 1
Level 1

‎10-14-2005 01:22 PM

Hey

local radius server support eap-fast.

Or use wpav2 with a secure pre-shared key.

Oliver

0 Helpful

racom
Level 1
Level 1
In response to o-ziltener

‎11-02-2005 08:23 AM

Is possible to configure an EAP-FAST WLAN with the local RADIUS of one of the APs1230 if there is one that is in repeater mode?

0 Helpful

j.giulianetti
Level 1
Level 1

‎03-06-2006 12:52 PM

the radius only allows you to enter the network, but the security is set by the encryption. I can capture wireless traffic just by cracking encryption not the radius validation

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card