Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

What's the best wireless security without external Radius?

Hi All,

What's the best wireless security method assuming I do not use an external Radius server? This is a small installation, with a few 1230 APs. I don't want to put in a separate Radius server (or run IPSec over the WLAN), but I would like something more secure than WEP.

What are my options? Is it possible to do some kind of EAP or 802.1x with the on board Radius server? What about authenticating to Windows AD? Sorry if I'm ignorant, but I don't do much wireless work.

Thanks, Randy

6 REPLIES

Re: What's the best wireless security without external Radius?

I think the onboard radius server on AP supports LEAP. Otherwise your best options are to use WEP, TKIP and MIC if clients do support that, have a WEP rotation policy (frequently), terminate the wireless lan vlan to a dmz of a firewall, to isolate it from your wired network, etc. You can additionally use mac-address filtering if the number of clients are not large in number.

New Member

Re: What's the best wireless security without external Radius?

Shanky,

I found this post from an earlier topic but I had a question for you! Do you think it would be wise for me to use the Windows built in option for IAS as a RADIUS server for all my 1200,1300,1400 AAA security? I'm trying to see if we can still use PEAP encryption from the Cisco AP / bridge to the Windows Server without having to purchase a new Cisco server / software / license agreement. I figure if we can get the same security from the in house OS's than why not utilize IAS ( Internet Authentication Service)

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/4a9f7fcf-e98d-4178-ba1b-a1c3aa460844.mspx

Thanks

-Alonzo

Re: What's the best wireless security without external Radius?

New Member

Re: What's the best wireless security without external Radius?

Hey

local radius server support eap-fast.

Or use wpav2 with a secure pre-shared key.

Oliver

New Member

Re: What's the best wireless security without external Radius?

Is possible to configure an EAP-FAST WLAN with the local RADIUS of one of the APs1230 if there is one that is in repeater mode?

New Member

Re: What's the best wireless security without external Radius?

the radius only allows you to enter the network, but the security is set by the encryption. I can capture wireless traffic just by cracking encryption not the radius validation

140
Views
0
Helpful
6
Replies
CreatePlease login to create content