Solved

Wireless 2106 Controller

Posted on 2009-07-10
Last Modified: 2013-12-09
Hi,

I have a Cisco 2601 set up with a basic wireless network. However at the moment it is running WPA-WPA2 security for users to log in.

What I want is for users to use 802.1x security, so they have to enter a user name and password, and then each client negotiates its own shared key with the controller for that session.

I have seen this done via a web page where you open up a web browser and are taken to a web page where you have to enter your details before you can use the wireless network.

I am sure you can set this up on the controller itself, however I am not sure how to do this. Never played with this type of authentication before.

If anyone knows what I am going on about, would you be able to point me in the correct direction of how to do this?

I just want each session to have its own shared key, and for log on to be via a user name and password. (Doesn't have to be a web page log on; if there are other ways I would be interested.)

Thank you

AAron
Question by:Aaron Street
7 Comments
 
LVL 2

Expert Comment

by:martino87r
ID: 24822379
Probably you're talking about a Captive Portal...
Not sure if it can be done in that Cisco model, let's see if others have any idea.
0
 
LVL 9

Expert Comment

by:hmare
ID: 24822662
Not sure on that model Cisco; on the ones we have (1300 series) we would need a central appliance for that. You could set up FreeRADIUS on a Linux server, but the configuration is far from simple*
(I know that it is possible, but I have not managed to successfully create it. I am also not a Linux guy, so that may be the problem)
0
 
LVL 16

Author Comment

by:Aaron Street
ID: 24823014
Yeah, see, I really don't know my wireless stuff, and like you, hmare, I am not a Linux person.

There are loads of settings on the controller, and I can see the setting up of a central RADIUS server.

But there are also options for setting up local users for use with authentication to the SSIDs, but I haven't got a clue how to do it.

At the moment I am just using a basic pre-shared key on the SSID, but this means if I want to change it, it kicks everyone off, and everyone is using this same key for the connection.

What I am looking for is a way for everyone to have the same log on authentication, but then have each connection use its own PSK for the session.

So it would be more secure, and changing the password could be done without people dropping the connection.
0

 
LVL 2

Accepted Solution

by:
martino87r earned 500 total points
ID: 24823851
A suggestion can be to use ZeroShell:

http://zeroshell.net/eng/

Extensive docs on how to set up RADIUS and Captive Portal through a nice and very easy web interface...
Definitely give it a try
0
 
LVL 16

Author Comment

by:Aaron Street
ID: 24841108
Cheers guys, but does no one know if the 2106 has any of this built in? I will definitely be looking at that ZeroShell stuff, looks very interesting.
0
 
LVL 16

Author Comment

by:Aaron Street
ID: 24876850
OK, so I got ZeroShell up and running :) Nice little system, and it runs great on an old Magnia SG20 box I have lying around!

Next, how do I / can I set this up?

This is for an open access network, for members of the public to connect to.

My idea is that layer 2 WPA/802.1x security is transparent to the user: no log on, just the data gets encrypted securely. Or with a simple username and password set on the RADIUS server so that each connection is secure.
At the moment everyone uses the same PSK... What I want is for there to be a single log on, but each connection has its own PSK given from the RADIUS server.

My question is, can I get the RADIUS server to authenticate 802.1x without the need to install a certificate on the client PCs/laptops? As simply as possible for the users.

This is a standalone network for internet, and the ZeroShell server is the only server on the network and will have to do all the work.

The trouble I see with captive portal is that it does not encrypt the layer 2 traffic? I will be looking at this next, but I would like to get a good understanding of the layer 2 part of wireless first. Also the captive portal bit looks a bit simpler :)

Any ideas? Or should I open a new question on RADIUS servers?

Cheers for all the help guys
0
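
The difference between the single shared PSK described in the two author comments above and the per-session keying that 802.1X provides, as an added example that is not part of the original thread. It follows the IEEE 802.11i key derivations; the SSID, passphrase, MAC addresses and nonces are constructed values, and `os.urandom` stands in for the MSK a real EAP exchange with the RADIUS server would export.

```python
import hashlib
import hmac
import os

def psk_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def eap_pmk(msk: bytes) -> bytes:
    """802.1X: the PMK is the first 32 bytes of the MSK exported by the EAP method."""
    return msk[:32]

def ptk(pmk: bytes, ap: bytes, sta: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """802.11i PRF-384 (CCMP): session keys from the PMK plus handshake fields."""
    data = min(ap, sta) + max(ap, sta) + min(anonce, snonce) + max(anonce, snonce)
    out, i = b"", 0
    while len(out) < 48:
        block = b"Pairwise key expansion\x00" + data + bytes([i])
        out += hmac.new(pmk, block, hashlib.sha1).digest()
        i += 1
    return out[:48]

# Constructed sample values (not taken from the thread).
SSID, PASSPHRASE = "public-wifi", "one key for everybody"
AP = bytes.fromhex("020000000001")
ALICE = bytes.fromhex("020000000010")
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))  # sent in clear in the handshake

def compare() -> dict:
    # Shared PSK: every client that knows the passphrase holds the same PMK,
    # so a second client (Bob) can recompute Alice's session keys.
    alice_psk, bob_psk = psk_pmk(PASSPHRASE, SSID), psk_pmk(PASSPHRASE, SSID)
    alice_keys = ptk(alice_psk, AP, ALICE, ANONCE, SNONCE)
    bob_guess = ptk(bob_psk, AP, ALICE, ANONCE, SNONCE)

    # 802.1X: each login produces its own MSK (stand-in: os.urandom), so the
    # PMK is unique per session and Bob's PMK says nothing about Alice's keys.
    alice_eap, bob_eap = eap_pmk(os.urandom(64)), eap_pmk(os.urandom(64))
    alice_keys_eap = ptk(alice_eap, AP, ALICE, ANONCE, SNONCE)
    bob_guess_eap = ptk(bob_eap, AP, ALICE, ANONCE, SNONCE)
    return {
        "psk_pmk_shared": alice_psk == bob_psk,
        "psk_peer_can_rederive": alice_keys == bob_guess,
        "eap_pmk_shared": alice_eap == bob_eap,
        "eap_peer_can_rederive": alice_keys_eap == bob_guess_eap,
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

With 802.1X the passphrase disappears from the SSID configuration entirely, so rotating a user's password on the RADIUS server affects only that user's next login rather than disconnecting everyone.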
 
LVL 16

Author Closing Comment

by:Aaron Street
ID: 31601988
Zero shell is coolll!!!!!!!!!!! cheers, so much more than just sorted my wireless issue!
0
