Enterprise wireless authentication without PKI?

Discussion in 'Cisco' started by Michael Letchworth, Aug 21, 2006.

  1. I'm trying to figure out what to use for an enterprise environment. I
    don't want to use a commercial certificate or manage certificates on
    each workstation either.

    I keep reading about EAP-TTLS but I can't find any document about setting
    it up in a large network. I'm trying to set up a bunch of 1230 APs to
    authenticate to an AD on 2003 server running IAS.

    I understand that LEAP is not so secure but PEAP requires a $350
    certificate every year.

    Does anyone have suggestions that I can do to get good encryption and
    secure authentication?

    Thanks.
    Michael Letchworth, Aug 21, 2006
    #1

  2. RentonHe Guest

    Hi, I think you can choose PEAP, which requires a server-side
    certificate only.
    You can set up a private enterprise root CA server through MS 2003
    Server (it's free).

    All you need to do is enroll a server certificate from this CA (no
    need for a user certificate) and distribute the root certificate to each
    user (you can do that by putting it on an intranet web site or pushing it
    to end users by group policy).

    RentonHe, Aug 21, 2006
    #2
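
The setup described in the reply above (a private root CA, one certificate enrolled for the RADIUS server, and only the root certificate handed to clients) as a lab sketch. This is an added example, not part of the thread: OpenSSL stands in for the Windows Server 2003 CA, and every name in it is constructed.

```shell
#!/bin/sh
# Lab sketch only: OpenSSL stands in for the Windows Server 2003 enterprise CA.
# Every name here (Lab Root CA, ias01.corp.example) is constructed.

# Create a self-signed root CA: $1 = directory, $2 = file prefix, $3 = CN.
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# Issue the RADIUS (IAS) server certificate from the root in $1/root.*.
# This is the only certificate that has to be enrolled; users get none.
issue_server_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ias01.corp.example" \
        -keyout "$1/ias.key" -out "$1/ias.csr" >/dev/null 2>&1 || return 1
    # The server certificate carries the Server Authentication EKU.
    echo "extendedKeyUsage=serverAuth" > "$1/ext.cnf"
    openssl x509 -req -in "$1/ias.csr" -days 365 -extfile "$1/ext.cnf" \
        -CA "$1/root.crt" -CAkey "$1/root.key" -CAcreateserial \
        -out "$1/ias.crt" >/dev/null 2>&1
}

# The supplicant's check during PEAP: $1 = root it was given, $2 = server cert.
client_trusts() {
    openssl verify -no-CApath -CAfile "$1" -purpose sslserver "$2" >/dev/null 2>&1
}

# Build the lab PKI in a scratch directory and print the directory name.
build_lab() {
    d=$(mktemp -d) || return 1
    make_root "$d" root "Lab Root CA" && make_root "$d" other "Unrelated CA" \
        && issue_server_cert "$d" || return 1
    echo "$d"
}

lab=$(build_lab) || exit 1
if client_trusts "$lab/root.crt" "$lab/ias.crt"; then
    echo "client holding the distributed root: server certificate accepted"
fi
if ! client_trusts "$lab/other.crt" "$lab/ias.crt"; then
    echo "client without that root: server certificate rejected"
fi
```

The private keys never leave the server side; `root.crt` is the only file a laptop needs, which is why it can be published on an intranet page or pushed by group policy.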

  3. Could you elaborate more? I loaded the root CA cert and IAS on a
    2003 AD box. I'm new to the Cisco wireless APs. I was thinking about
    TTLS but I would have to load a supplicant, so I was hoping that it
    would be easier to do PEAP.

    I'm guessing I create a PKI and store that on the server. How does that
    get to the AP and then to the laptop?

    Thanks for your help.

    Michael Letchworth, Aug 25, 2006
    #3