Access Point

Discussion in 'Wireless Networking' started by Jay, Apr 5, 2005.

  1. Hi,

    I am using EAP-TLS, and I know that it requires an 802.1x compliant access
    point.
    I am using a LinkSys WAP55AG access point which supports 802.11a/b/g, and
    surprisingly it is working with EAP-TLS.

    Here is the config:

    On AP:
    RADIUS/TKIP enabled and RADIUS points to Microsoft IAS server.
    IAS Server:
    Configured to use Server Certificate and EAP-TLS protocol. Remote Access
    Policies NAS-PORT 802.11 and other, Windows-Group as well.
    CA Authority:
    Configured to auto-distribute user certificates based on group membership.
    Client side:
    Set up a wireless profile using Windows: Use WPA and TKIP. Under
    Authentication tab: use Smartcard or other authentication, and enable
    Validate Server Certificate.

    With this configuration, the client will be able to connect only if the user
    certificate and server certificate are validated on both ends (server and client).
    It seems that it is working even though the Access Point doesn't support
    802.1x.

    I am not sure if it is as secure as the one that supports 802.1x. Any
    ideas why it is working and how secure is this?

    Regards,
    Jay
     
    Jay, Apr 5, 2005
    #1

  2. The WPA-PSK authentication mode uses a passphrase (basically a string of
    characters) to perform authentication and to create the source material
    (keys) to encrypt the session.

    The WPA authentication uses 802.1x to perform authentication. The key
    source material is derived from the successful 802.1x authentication. If
    the access point is configured for WPA and not WPA-PSK, it is completing a
    full 802.1x authentication to encrypt your session. The 802.1x
    authentication works in conjunction with the WPA security specification and
    this authentication mode would be unable to work without it.

    To answer your original question, it is more secure to use your
    configuration than plain-jane 802.1x over a WEP secured session.

    I hope this reply helps answer your concerns.

    --
    Jerry Peterson
    Windows Network Services - Wireless

    This posting is provided "AS IS" with no warranties, and confers no rights.
    "Jay" <> wrote in message
    news:...
    > Hi,
    >
    > I am using EAP-TLS, and I know that it requires an 802.1x compliant access
    > point.
    > I am using a LinkSys WAP55AG access point which supports 802.11a/b/g, and
    > surprisingly it is working with EAP-TLS.
    >
    > Here is the config:
    >
    > On AP:
    > RADIUS/TKIP enabled and RADIUS points to Microsoft IAS server.
    > IAS Server:
    > Configured to use Server Certificate and EAP-TLS protocol. Remote Access
    > Policies NAS-PORT 802.11 and other, Windows-Group as well.
    > CA Authority:
    > Configured to auto-distribute user certificates based on group membership.
    > Client side:
    > Set up a wireless profile using Windows: Use WPA and TKIP. Under
    > Authentication tab: use Smartcard or other authentication, and enable
    > Validate Server Certificate.
    >
    > With this configuration, the client will be able to connect only if the user
    > certificate and server certificate are validated on both ends (server and
    > client).
    > It seems that it is working even though the Access Point doesn't
    > support 802.1x.
    >
    > I am not sure if it is as secure as the one that supports 802.1x. Any
    > ideas why it is working and how secure is this?
    >
    > Regards,
    > Jay
    >
    >
     
    Jerry Peterson[MSFT], Apr 6, 2005
    #2
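
The two key sources contrasted in reply #2, as an added example that is not part of the original thread: in WPA-PSK the pairwise master key (PMK) is computed from the passphrase and SSID, while in WPA with 802.1x it is taken from the master session key (MSK) exported by the EAP method. The function names are hypothetical, and the MSK here is random bytes standing in for the output of a real EAP-TLS handshake.

```python
import hashlib
import os


def pmk_from_passphrase(passphrase: str, ssid: bytes) -> bytes:
    """WPA-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid, 4096, 32)


def pmk_from_eap_msk(msk: bytes) -> bytes:
    """WPA with 802.1x: PMK = first 32 octets of the MSK exported by the EAP method."""
    if len(msk) < 64:
        raise ValueError("an EAP method exports an MSK of at least 64 octets")
    return msk[:32]


def simulated_eap_msk() -> bytes:
    # Assumption: stand-in for the MSK that the supplicant and the RADIUS server
    # both derive from a completed EAP-TLS handshake. The RADIUS server sends
    # the key to the access point after it accepts the client.
    return os.urandom(64)


def compare_modes(passphrase: str, ssid: bytes) -> dict:
    """Show which stations end up sharing a PMK in each mode (constructed scenario)."""
    # PSK: two stations typing the same passphrase on the same SSID.
    psk_station_a = pmk_from_passphrase(passphrase, ssid)
    psk_station_b = pmk_from_passphrase(passphrase, ssid)
    # 802.1x: each successful authentication yields its own MSK.
    eap_station_a = pmk_from_eap_msk(simulated_eap_msk())
    eap_station_b = pmk_from_eap_msk(simulated_eap_msk())
    return {
        "psk_stations_share_pmk": psk_station_a == psk_station_b,
        "eap_stations_share_pmk": eap_station_a == eap_station_b,
    }


if __name__ == "__main__":
    # Constructed inputs: sample passphrase and SSID, not values from the thread.
    print(compare_modes("password", b"IEEE"))
```

With a passphrase, anyone who knows it can compute the same PMK for that SSID; with 802.1x the PMK is fresh per authentication and never depends on a shared secret typed into the clients.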