Solved

Wireless authentication security using Certificates and 802.11x

Posted on 2012-04-06
Last Modified: 2013-12-09
I'm working with an engineer on deploying a wireless solution using Cisco Aironet access points and a 2504 controller. Wireless in general is new for both of us so I'm looking for information about the best way to set up authentication for this network.

Our goal is to have the laptops using wireless authenticate with a certificate without requiring the user to authenticate manually. From what I have read, in order to be secure we should be using the 802.11x protocol along with Protected EAP (PEAP) with EAP-TLS.

Not knowing much about either certificates with a Server 2008 domain or the Cisco access points, I'm hoping someone here can help me out with the general steps we'd need to take to make this happen. I'd also appreciate it if you could point me to any good summary documents that explain how this should all work from a high level since I am not well versed in the technical details yet.
Question by:First Last

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 37834269
Ok, so you need to implement Computer Authentication via Digital Certificate.  This is not easy and if you're new to Wireless/Cisco/Certificates it'll be a whole new experience!

Basically, you'll need to configure a Certification Authority (Microsoft Certificate Services) and a RADIUS Server (Microsoft NPS Service).
As well as this you'll need to create a couple of Group Policies.  One will automatically enroll computers to obtain a computer certificate from the CA, and the other will push the WLAN settings to computers.

On the Cisco Wireless controller you will need to configure a RADIUS server and set the SSID to use the RADIUS server when processing authentication requests.

Have a look at this doc for NPS setup...

http://araihan.wordpress.com/2009/11/11/windows-server-2008-how-to-configure-network-policy-server-nps-or-radius-server/



This might also help...

http://araihan.wordpress.com/2010/04/30/complete-guide-to-build-a-cisco-wireless-infrastructure-using-cisco-wlc-5500-cisco-1142-ap-and-microsoft-radius-server/




In all honesty it's not easy to implement if you're not familiar with the concepts. There's a lot to do, so try and get each major component installed first, then link it all together.
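An added example, not part of the answer above: once the auto-enrollment Group Policy has applied, this PowerShell check lists each certificate in the laptop's computer store and reports whether it has what EAP-TLS computer authentication against NPS normally needs (Client Authentication EKU, the machine's FQDN in the Subject Alternative Name, a private key, a current validity period, and a chain that builds to a trusted root). The function name `Test-MachineCertForEapTls` is hypothetical, and the FQDN match is a coarse substring test.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session
# on a domain-joined laptop after the auto-enrollment GPO has applied.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$sanOid        = '2.5.29.17'           # Subject Alternative Name extension

# Build the machine's FQDN from the local host name and primary DNS suffix.
$ipProps = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$fqdn    = ('{0}.{1}' -f $ipProps.HostName, $ipProps.DomainName).ToLower()

function Test-MachineCertForEapTls {   # hypothetical helper name
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }

    # Chain building uses the machine's trusted roots; revocation is checked online by default.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $now   = Get-Date

    New-Object PSObject -Property @{
        Thumbprint    = $Cert.Thumbprint
        ClientAuthEku = [bool]($eku | ForEach-Object { $_.EnhancedKeyUsages } |
                               Where-Object { $_.Value -eq $clientAuthOid })
        SanHasFqdn    = [bool]($san -and $san.Format($false).ToLower().Contains($fqdn))
        HasPrivateKey = $Cert.HasPrivateKey
        InValidity    = ($Cert.NotBefore -le $now -and $Cert.NotAfter -ge $now)
        ChainBuilds   = $chain.Build($Cert)
    }
}

# A certificate usable for wireless computer authentication shows True in every column.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-MachineCertForEapTls $_ } |
    Format-Table Thumbprint, ClientAuthEku, SanHasFqdn, HasPrivateKey, InValidity, ChainBuilds -AutoSize
```

If no row is all True, check that the enrollment policy and certificate template reached the computer before troubleshooting the NPS or controller side.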

Author Closing Comment

by:First Last
ID: 37834282
Thank you very much for the reply, I should have broken this question down into smaller chunks.  I'll start reading the links you provided but your overall description sounds very much in line with what I have discovered so far.  Thanks again!