• Status: Solved
  • Priority: Medium
  • Security: Public

Authenticate Cisco Wireless against AD with IAS

Hello,
I have 4 Cisco wireless access points in our network. The users have to enter a WEPA if they want to connect to the network.
I was told there is a way of authenticating the users or their computers against AD using IAS so that they don't have to enter a key if they want to connect to the wireless. I have never used IAS and am new to Cisco wireless, but I know our access point has a feature to use a RADIUS server.
Asked:
netcomp
2 Solutions
 
Jakob Digranes, Senior Consultant, commented:
True, you can use RADIUS for authentication.
When you use RADIUS you can get two-factor authentication, using both something you are (computer joined to domain) and something you know (username and password) to authenticate to the network.

i.e. Harder to get unauthorized access, as with WEP or WPA/WPA2 which is either broken or easy to get to (social engineering).

Here's a guide that might help you: http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080921f67.shtml#insrescert
 
netcomp (Author) commented:
The above link is very helpful, but at the end it used the Cisco Aironet client to configure the wireless card.
What if we have a non-Cisco wireless card or we simply want to use Windows for connecting to a wireless network? Could you send me some info on how to use Windows to connect using the same method? Thanks,

I may open a new question for this, but do you know how I can create an SSID for our guests and somehow configure it so that they can only access the internet and not the network?
 
generalit commented:
You need to install IAS from Add/Remove Programs on the server.
You then need proper certificates installed on your workstations. Deploy via GPO if you have many machines.
On your AP, via the web admin, you can add the RADIUS/IAS server manually, or add it via telnet, which will be a lot more complicated. The advantage, though, would be that you could then reuse your startup configs for other access points if you have many.

 
generalit commented:
Oops, didn't quite read Jakob's reply.

It will still work when you have Windows only. If your certificates match between the station and the IAS server, you should see the access points add themselves. We have had cases where it doesn't, and we just had to add a Wi-Fi connection manually, only supplying the SSID and the encryption used, but this is very few and far between.
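The CLI route mentioned in the answers above (adding the RADIUS/IAS server to the access point over telnet so the same configuration can be reused on other access points) could look like the following on an autonomous Cisco Aironet AP running IOS. This is an added example, not part of the original thread; the server address 192.0.2.10, the SSID CORP-WLAN, the list names rad_eap and eap_methods, and the shared-secret placeholder are all assumptions.

```cisco
! Added example: autonomous Aironet AP (IOS) using an IAS server as RADIUS.
! Assumed values: 192.0.2.10 (IAS server), CORP-WLAN (SSID),
! rad_eap / eap_methods (local list names), <SHARED-SECRET> (placeholder).
!
! Enable the AAA subsystem so RADIUS method lists can be defined.
aaa new-model
!
! Define the IAS server. The same shared secret must be entered on the
! IAS side when this AP is added there as a RADIUS client.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <SHARED-SECRET>
!
! Group the server and build an EAP method list that points at the group.
aaa group server radius rad_eap
 server 192.0.2.10 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
!
! SSID that hands 802.1X/EAP authentication to the RADIUS group instead of
! relying on a static key typed in by each user.
dot11 ssid CORP-WLAN
 authentication open eap eap_methods
 authentication network-eap eap_methods
 authentication key-management wpa
!
! Bind the SSID to the radio and select the cipher used with WPA key management.
interface Dot11Radio0
 encryption mode ciphers aes-ccm
 ssid CORP-WLAN
 no shutdown
!
end
```

Only the management IP address and hostname differ per access point, so the block can be pasted into each AP's configuration; each AP still has to be registered as a RADIUS client in IAS with the matching shared secret.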