Wireless 2106 Controler

Posted on 2009-07-10
Last Modified: 2013-12-09

I have a Cisco 2601 set up with a basic wireless network. However at the moment it is running WPA-WPA2 security for users to log in.

What I want is for users to use 802.1x security, so they have to enter a user name and password, and then each client negoatates its own shared key with the controler for that session.

I have seen this done via a web page where you open up a web browser and are taken to a web apge where you have to enter your details before you can use the wireless network.

I am sure you can set this up on the controler its self, however I am not sure how to do this, Never played with this type of authentication before.

If any one knows what I am going on about, would you be able to point me in the correct direction of how to do this.

I just want each session to have its own shared key, and for log on to be via a user name and password. (dosent have to be a web page log on, if there are other ways I would be intrested)

Thank you

Question by:Aaron Street
  • 4
  • 2

Expert Comment

ID: 24822379
Probably you're talking about a Captive Portal...
Not sure if it can be done in that cisco model, lets see if others have any idea.

Expert Comment

ID: 24822662
Not sure on that model Cisco, on the ones we have (1300 series) we would need a central appliance for that. You could set up free-radius on a Linux server, but the configuration is far from simple*
(I know that it is possible, but I have not managed to successfully create it. I am also not a Linux guy, so that may be the problem)
LVL 16

Author Comment

by:Aaron Street
ID: 24823014
yer see I really dont know my wireless stuff. and like you hamare I am not a linux person.

there are loads of setings on the controler. and I can see the seting up a central radius server.

but there are also options for settign up local users for use with authentication to the SSID's but I havent got a clue how to do it.

At the moment I am just using a basic Per shared key on the SSID, but this means if I want to cahnge it it kicks every one off, and every one is using this same key for the connection.

What I am looking for is a way for every one to have the same log on authentication. but then have each connection use its own PSK for the session.

so it would be more secure, and changing the password could be doone with out people dropping the connection.
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.


Accepted Solution

martino87r earned 500 total points
ID: 24823851
A suggestion can be to use ZeroShell:

Extensive docs on how to setup RADIUS and Captive Portal through a nice and very easy web interface...
Definitely give it a try
LVL 16

Author Comment

by:Aaron Street
ID: 24841108
Cheers guys, but does no one know if the 2106 has any of this built in. I will deffently be looking at that zeroshell stuff, looks very intresting
LVL 16

Author Comment

by:Aaron Street
ID: 24876850
Ok so I got zero shell up and running :) nice litlte system and runs great on an old MAgnia SG20 box I have laying around!

next how do I  / Can I set this up.

This is for an open access network, for members of the public to connect to.

what my idea is that layer 2 wpa/802.1x security is transparrent to the user, no log on just the data gets encrypted securley. or with a simple username and password set on the radius server so that each conenction is secure,
at the moment every one uses the same PSK... waht I want is for there to be a single log on, but each connection has its own PSK given from radius server.

my question is, can i get the radius server to authenticate 802.1x, with out the need to install a certificate on the client PC/ laptops? as simpley as possible for the users.

this is a stand alone network for internet, and the zeroshell server is the only server on the network and will have to do all the work.

the trouble i see with captive portal is it dose not encrypt the layer two traffic? I will be looking at this next but I would like to get a good undersanding of the layer 2 part of wireless first. Also the captive poral bit looks a bit simpler :)

Any ideas ? or should I open a new questions on Radius servers?

Cheers for all the help guys
LVL 16

Author Closing Comment

by:Aaron Street
ID: 31601988
Zero shell is coolll!!!!!!!!!!! cheers, so much more than just sorted my wireless issue!

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Coaxial cable bending There are several factors that govern the selection of coaxial cable for your Machine to Machine (M2M) application: the location of cable runs, either indoor or outdoor, inside or outside an enclosure, maximum bending and the…
For Sennheiser, comfort, quality and security are high priority areas. This paper addresses the security of Bluetooth technology and the supplementary security that Sennheiser’s Contact Center and Office (CC&O) headsets provide.  
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question