Solved

Wireless authentication security using Certificates and 802.11x

Posted on 2012-04-06
Last Modified: 2013-12-09
I'm working with an engineer on deploying a wireless solution using Cisco Aironet access points and a 2504 controller. Wireless in general is new for both of us, so I'm looking for information about the best way to set up authentication for this network.

Our goal is to have the laptops using wireless authenticate with a certificate without requiring the user to authenticate manually. From what I have read, in order to be secure we should be using the 802.11x protocol along with Protected EAP (PEAP) with EAP-TLS.

Not knowing much about either certificates with a Server 2008 domain or the Cisco access points, I'm hoping someone here can help me out with the general steps we'd need to take to make this happen. I'd also appreciate it if you could point me to any good summary documents that explain how this should all work from a high level, since I am not well versed in the technical details yet.
Question by:First Last
2 Comments
 
LVL 46

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 37834269
Ok, so you need to implement Computer Authentication via Digital Certificate.  This is not easy and if you're new to Wireless/Cisco/Certificates it'll be a whole new experience!

Basically, you'll need to configure a Certification Authority (Microsoft Certificate Services) and a RADIUS Server (Microsoft NPS Service).
As well as this you'll need to create a couple of Group Policies.  One will automatically enroll computers to obtain a computer certificate from the CA, and the other will push the WLAN settings to computers.

On the Cisco Wireless controller you will need to configure a RADIUS server and set the SSID to use the RADIUS server when processing authentication requests.

Have a look at this doc for NPS setup...

http://araihan.wordpress.com/2009/11/11/windows-server-2008-how-to-configure-network-policy-server-nps-or-radius-server/



This might also help...

http://araihan.wordpress.com/2010/04/30/complete-guide-to-build-a-cisco-wireless-infrastructure-using-cisco-wlc-5500-cisco-1142-ap-and-microsoft-radius-server/




In all honesty, it's not easy to implement if you're not familiar with the concepts. There's a lot to do, so try and get each major component installed first, then link it all together.
0
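
Once the auto-enrollment Group Policy described in the answer above has applied, a laptop can be checked for a usable computer certificate before the WLAN policy is pushed. The script below is an added example, not part of the original answer; the checks (private key, validity dates, Client Authentication EKU, host name in the certificate, trusted chain) are assumptions about what a typical NPS EAP-TLS policy expects.

```powershell
# Added example: audit the local computer store for a certificate usable for
# EAP-TLS machine authentication. It only reads the store and changes nothing.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$sanOid        = '2.5.29.17'           # Subject Alternative Name extension
$hostName      = $env:COMPUTERNAME     # assumption: the cert names this host
$now           = Get-Date

$report = foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
    # EnhancedKeyUsageList is added by the PowerShell certificate provider
    $ekuOids = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })

    # Render the SAN extension as text, e.g. "DNS Name=pc01.corp.example.com"
    $sanExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }
    $sanText = if ($sanExt) { $sanExt.Format($false) } else { '' }

    $checks = [ordered]@{
        HasPrivateKey   = $cert.HasPrivateKey
        WithinValidity  = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)
        ClientAuthEku   = $ekuOids -contains $clientAuthOid
        NameMatchesHost = "$sanText $($cert.Subject)" -match [regex]::Escape($hostName)
        # Basic chain validation; revocation checking may need network access
        ChainTrusted    = $cert.Verify()
    }
    $failed = @($checks.GetEnumerator() |
        Where-Object { -not $_.Value } |
        ForEach-Object { $_.Key })

    [pscustomobject]@{
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        NotAfter     = $cert.NotAfter
        Usable       = ($failed.Count -eq 0)
        FailedChecks = ($failed -join ', ')
    }
}

$report | Format-Table -AutoSize -Wrap
if (-not ($report | Where-Object Usable)) {
    Write-Warning 'No certificate in LocalMachine\My passed all checks.'
}
```

A row with `Usable` false lists the failed checks, which narrows the problem to the certificate template, the enrollment policy, or CA trust before any RADIUS troubleshooting starts.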
 
LVL 1

Author Closing Comment

by:First Last
ID: 37834282
Thank you very much for the reply. I should have broken this question down into smaller chunks. I'll start reading the links you provided, but your overall description sounds very much in line with what I have discovered so far. Thanks again!
0
