Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Cisco (http://www.velocityreviews.com/forums/f27-cisco.html)
-   -   Enterprise wireless authentication without pki? (http://www.velocityreviews.com/forums/t365576-enterprise-wireless-authentication-without-pki.html)

Michael Letchworth 08-21-2006 04:28 AM

Enterprise wireless authentication without pki?
 
I'm trying to figure out what to use for an enterprise environment. I
don't want to use a commercial certificate or manage certificates on
each workstation either.

I keep reading about eap-ttls but I cant find any document about setting
it up in a large network. I'm trying to setup a bunch of 1230 AP's to
authenticate to an AD on 2003 server running IAS.

I understand that LEAP is not so secure but PEAP requires a $350
certificate every year.

Does anyone have suggestions that I can do to get good encryption and
secure authentication?

Thanks.

RentonHe 08-21-2006 08:40 AM

Re: Enterprise wireless authentication without pki?
 
Hi,I think you can choose PEAP which is required server-side
certificate only.
You can setup a private enterprise root CA server thru MS 2003
server(it's free).

All you need to do is to enroll a server certificate from this CA(no
need for user certificate) and distribute root certificate for each
user(you can do that by put it in a Intranet web or push it to end user
by group policy)

Michael Letchworth wrote:
> I'm trying to figure out what to use for an enterprise environment. I
> don't want to use a commercial certificate or manage certificates on
> each workstation either.
>
> I keep reading about eap-ttls but I cant find any document about setting
> it up in a large network. I'm trying to setup a bunch of 1230 AP's to
> authenticate to an AD on 2003 server running IAS.
>
> I understand that LEAP is not so secure but PEAP requires a $350
> certificate every year.
>
> Does anyone have suggestions that I can do to get good encryption and
> secure authentication?
>
> Thanks.



Michael Letchworth 08-25-2006 02:50 AM

Re: Enterprise wireless authentication without pki?
 
Could you elaborate more? I loaded the root ca cert and ias on the a
2003 AD box. I'm new to the Cisco wireless ap's. I was thinking about
TTLS but I would have to load a supplicant so I was hopping that it
would be easier to do peap.

I'm guessing I create a PKI and store that on the server. How does that
get to the AP and then to the laptop?

Thanks for your help.

RentonHe wrote:
> Hi,I think you can choose PEAP which is required server-side
> certificate only.
> You can setup a private enterprise root CA server thru MS 2003
> server(it's free).
>
> All you need to do is to enroll a server certificate from this CA(no
> need for user certificate) and distribute root certificate for each
> user(you can do that by put it in a Intranet web or push it to end user
> by group policy)
>
> Michael Letchworth wrote:
>> I'm trying to figure out what to use for an enterprise environment. I
>> don't want to use a commercial certificate or manage certificates on
>> each workstation either.
>>
>> I keep reading about eap-ttls but I cant find any document about setting
>> it up in a large network. I'm trying to setup a bunch of 1230 AP's to
>> authenticate to an AD on 2003 server running IAS.
>>
>> I understand that LEAP is not so secure but PEAP requires a $350
>> certificate every year.
>>
>> Does anyone have suggestions that I can do to get good encryption and
>> secure authentication?
>>
>> Thanks.

>


Michael Letchworth 08-25-2006 02:53 AM

Re: Enterprise wireless authentication without pki?
 
Michael Letchworth wrote:
> Could you elaborate more? I loaded the root ca cert and ias on the a
> 2003 AD box. I'm new to the Cisco wireless ap's. I was thinking about
> TTLS but I would have to load a supplicant so I was hopping that it
> would be easier to do peap.
>
> I'm guessing I create a PKI and store that on the server. How does that
> get to the AP and then to the laptop?
>
> Thanks for your help.
>
> RentonHe wrote:
>> Hi,I think you can choose PEAP which is required server-side
>> certificate only.
>> You can setup a private enterprise root CA server thru MS 2003
>> server(it's free).
>>
>> All you need to do is to enroll a server certificate from this CA(no
>> need for user certificate) and distribute root certificate for each
>> user(you can do that by put it in a Intranet web or push it to end user
>> by group policy)
>>
>> Michael Letchworth wrote:
>>> I'm trying to figure out what to use for an enterprise environment. I
>>> don't want to use a commercial certificate or manage certificates on
>>> each workstation either.
>>>
>>> I keep reading about eap-ttls but I cant find any document about setting
>>> it up in a large network. I'm trying to setup a bunch of 1230 AP's to
>>> authenticate to an AD on 2003 server running IAS.
>>>
>>> I understand that LEAP is not so secure but PEAP requires a $350
>>> certificate every year.
>>>
>>> Does anyone have suggestions that I can do to get good encryption and
>>> secure authentication?
>>>
>>> Thanks.

>>



All times are GMT. The time now is 08:51 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.