Cisco Support Community
New Member

Help! So confused about wireless security!

Hello all,

I am so confused about wireless security. Someone please explain some things for me in little words!

We are deploying a wireless setup using Aironet 1100 APs and 1300 Bridges. We have a mix of XP Pro and XP Home (arrrg) machines.

Right now I have everything set up using WPA-PSK w/TKIP. But I would like to deploy authentication into the mix. But there are so many auth types out there I don't know what is the best for us, or whether anything is right for us. The thought of rolling out a RADIUS box is frightening simply because I haven't done any of that sort of thing before.

Ultimately this wireless setup will be transporting voice along with data via VLANs and a dot1q trunk between the bridges. So from what I have read we will need WDS for fast roaming, another confusing topic.

Can someone give me some advice on what we should do?

Hall of Fame Super Silver

Re: Help! So confused about wireless security!

Well.... One thing is if you want a more secure method, you will have to use certificates. PEAP is probably the most deployed method and the simplest EAP method. This would require you to build an IAS server (comes with Windows Server) and a Certificate Authority server, which also comes with Windows Server. Just do a search on Google for "configure 802.1x windows server 2003" and you will find some good articles on setting this up. WDS for fast roaming requires the use of Cisco wireless cards or cards that are CCK2 compliant. If you are using internal cards, fast roaming will not work. They will however work if you are using Cisco 7920 IP phones. Hope this kind of helps.

*** Please rate helpful posts ***
New Member

Re: Help! So confused about wireless security!

Thanks, I will google that stuff and see what comes up. See, some of the clients are XP Home, so I am not sure whether PEAP certs will work from a DC?

Thanks for your help!

Hall of Fame Super Silver

Re: Help! So confused about wireless security!

If you want to run WPA2 and some of your clients do not support it, try to install the hotfix:

Since XP Home does not join a domain, users can still be created in AD and the client would then enter the username and password one time.

*** Please rate helpful posts ***