
best security method to use for authentication and encryption

jorge.s
Level 1

Hi,

We have implemented a Cisco ACS, and have a Microsoft Active Directory implementation.

I would like to know what is the best security method to use for authentication and encryption without the need to buy any Certificate or client software?

We would like to use the standard Microsoft Windows XP features, without installing any WLAN Clients.

Thanks

Jorge Sousa

5 Replies

tahequivoice
Level 2

WPA-PSK is what you are looking for, but it does not use AD. For that you will probably need to use a third party client. I have yet to be able to get any of my cards, including the Cisco ABG card, to work using username and password against AD using the XP client, but it works like a charm with the Cisco client software. I can connect quickly and easily with the XP client using WPA-PSK though.

You can use Microsoft CA to generate a free cert. Then you can configure the ACS for PEAP that is compatible with XP. Depending on whether your XP users support WPA2 AES or WPA TKIP, either one will be secure; of course WPA2 would be the better choice. I know if XP doesn't have the WPA2 option, there is a hotfix out there for that. You then create a policy on the ACS to authenticate users to AD. There is a lot of information on how to set this up in ACS or even Microsoft IAS...

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml

http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/ed80211.mspx

-Scott
*** Please rate helpful posts ***

Isn't the WPA2 or AD authentication card dependent? Some cards don't support AES, or WPA for that matter.

Stephen Rodriguez
Cisco Employee

Go with PEAP and WPA. Users can authenticate against the AD and be done with it. As for what, the native Windows Client will do PEAP, and if you find a client that can't do WPA, upgrade the drivers. WPA is a standard and should be there. WPA2 on the other hand is not standard yet, but with WPA2 you get a stronger encryption, WPA you get rotating key. I'd personally go with rotating key, any encryption can be broken given enough time.

my 2cents

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Well, IEEE ratified 802.11i in June 2004 and the Wi-Fi Alliance started certifying WPA2 devices in September 2004, so there is plenty of support for WPA2. Just got back from Networkers 2006 and they were recommending WPA2 in the following order:

Platinum - WPA2-AES

Gold - WPA-TKIP

Lead - WEP

The big players' (Cisco, Intel, Broadcom) AG cards will do WPA2-AES and CCX3 or better just fine with the latest drivers. Don't forget the MS WPA2 patch KB893357 if you are going to use the MS PEAP client. IAS or ACS will work equally well, just don't forget the MS fast reconnect patch when used with ACS.

WPA2 provides better encryption and PMK caching, which is a standards-based fast roaming similar to Cisco CCKM. The only drawback that I know is WPA2 XP client configuration is not yet available to be pushed out via AD group policy.
