I have a Cisco 871W router and would like to set up a secure wireless access point for the local office. I did some reading on wireless security and have sort of come down to a couple of methods to do it, but would like to hear your feedback on them.
1. Connect the 871W to the office LAN. The wireless security I'm thinking of is WPA-PSK Preshare. Once connected, the user will have to carry out SSL WebVPN authentication to gain access to the internal network. This 2nd layer of authentication would probably be using RADIUS authentication. I've got RADIUS working for Cisco VPN Client on a PIX 515 already, so I don't think it should be that difficult to set up RADIUS for the 871W router.
Alternatively I can:
2. Configure 802.1X authentication on the router. Wireless clients will have to turn on 802.1X to be able to connect to the corporate internal network. I can see some stumbling blocks in using this method, like:
- I do not have a certificate server, hence it'll be a pain getting the clients to authenticate via 802.1X.
- It'll be difficult to implement different levels of access using 802.1X. For instance, visiting guests would have access to nothing but the internal proxy server for surfing the Internet. All domain users will have full access to the internal network.
Thanks in advance for your reply and if you know of any links that would point me in the right direction, it would be greatly appreciated.
SSL uses digital certificates for authentication. The VPN Concentrator creates a self-signed SSL server certificate when it boots; or you can install in the VPN Concentrator an SSL certificate that has been issued in a PKI context. For HTTPS, this certificate must then be installed in the client. You need to install the certificate from a given VPN Concentrator only once.
For information on installing the SSL digital certificate in your browser and connecting via HTTPS, in the VPN 3000 Series Concentrator refer to