Solved

Wireless authentication security using Certificates and 802.11x

Posted on 2012-04-06
Last Modified: 2013-12-09
I'm working with an engineer on deploying a wireless solution using Cisco Aironet access points and a 2504 controller. Wireless in general is new for both of us, so I'm looking for information about the best way to set up authentication for this network.

Our goal is to have the laptops using wireless authenticate with a certificate without requiring the user to authenticate manually. From what I have read, in order to be secure we should be using the 802.11x protocol along with Protected EAP (PEAP) with EAP-TLS.

Not knowing much about either certificates with a Server 2008 domain or the Cisco access points, I'm hoping someone here can help me out with the general steps we'd need to take to make this happen. I'd also appreciate it if you could point me to any good summary documents that explain how this should all work from a high level, since I am not well versed in the technical details yet.
Question by:First Last

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 37834269
Ok, so you need to implement Computer Authentication via Digital Certificate. This is not easy, and if you're new to Wireless/Cisco/Certificates it'll be a whole new experience!

Basically, you'll need to configure a Certification Authority (Microsoft Certificate Services) and a RADIUS Server (Microsoft NPS Service).
As well as this you'll need to create a couple of Group Policies.  One will automatically enroll computers to obtain a computer certificate from the CA, and the other will push the WLAN settings to computers.

On the Cisco Wireless controller you will need to configure a RADIUS server and set the SSID to use the RADIUS server when processing authentication requests.

Have a look at this doc for NPS setup...

http://araihan.wordpress.com/2009/11/11/windows-server-2008-how-to-configure-network-policy-server-nps-or-radius-server/



This might also help...

http://araihan.wordpress.com/2010/04/30/complete-guide-to-build-a-cisco-wireless-infrastructure-using-cisco-wlc-5500-cisco-1142-ap-and-microsoft-radius-server/




In all honesty it's not easy to implement if you're not familiar with the concepts. There's a lot to do, so try and get each major component installed first, then link it all together.
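A read-only check for the client side of the setup described in the answer above, added here as an example and not part of the original thread: it lists the computer certificates in the local machine store and reports whether each one is usable for EAP-TLS machine authentication (private key present, Client Authentication EKU, inside its validity period, chain builds to a trusted root). The function name `Test-MachineAuthCertificate` is hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example, not from the original thread. Read-only: nothing is changed.
# Run on a domain-joined laptop after the autoenrollment Group Policy applies.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

function Test-MachineAuthCertificate {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    # Collect the EKU OIDs on the certificate. A certificate with no EKU
    # extension yields an empty list and is reported as not ready here.
    $ekuOids = @($Certificate.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    # Build the chain in the machine context ($true), i.e. against the
    # computer's trusted root store rather than the current user's.
    # Revocation checking is left at the .NET default (online).
    $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chainOk = $chain.Build($Certificate)
    $chainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

    $now        = Get-Date
    $inValidity = ($Certificate.NotBefore -le $now) -and ($now -le $Certificate.NotAfter)
    $hasEku     = $ekuOids -contains $clientAuthOid

    [pscustomobject]@{
        Subject     = $Certificate.Subject
        Issuer      = $Certificate.Issuer
        NotAfter    = $Certificate.NotAfter
        PrivateKey  = $Certificate.HasPrivateKey
        ClientAuth  = $hasEku
        InValidity  = $inValidity
        ChainOk     = $chainOk
        ChainStatus = $chainStatus
        Ready       = $Certificate.HasPrivateKey -and $hasEku -and $inValidity -and $chainOk
    }
}

# Computer certificates live in the LocalMachine\My store.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-MachineAuthCertificate -Certificate $_ } |
    Format-List
```

If no certificate is reported as ready, `gpupdate /force` followed by `certutil -pulse` re-applies policy and triggers autoenrollment so the check can be repeated.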
 
Author Closing Comment

by:First Last
ID: 37834282
Thank you very much for the reply. I should have broken this question down into smaller chunks. I'll start reading the links you provided, but your overall description sounds very much in line with what I have discovered so far. Thanks again!