Secure Wireless for non-public network, Windows Server 2003 R2, Linksys APs

Discussion in 'Wireless Networking' started by bjriffel@hotmail.com, Jan 19, 2007.

  1. Guest

    Here is the scenario. Right now this is on my test network.

    Windows Server 2003 R2 running a native AD domain. A Linksys WAP54G
    ver. 3 access point. I need a secure wireless network. I need all
    traffic encrypted as well as restricting access ONLY to those with a
    domain login (and possibly restricting only to known MAC addresses).

    I'm assuming that I'll be using a RADIUS server of some sort. I have
    IAS running on the 2003R2 box, as well as cert services.

    What type of authentication do I need to enable on the AP, and how do I
    set it up on the domain? I've established a shared secret and all of
    that business, but I'd kind of like to start from scratch and hear some
    of your ideas and suggestions.

    If I should just go with some 3rd party software, that is fine to
    suggest as well. I'd like to stay away from buying Cisco equipment or
    software, simply because of budgetary constraints. Linksys is cheap,
    and I think in the end, it can provide everything we need.

    Thanks
    Brandon Riffel
     
    , Jan 19, 2007
    #1

  2. Hi
    I think that an issue like this is a little beyond the scope of a newsgroup.
    There is a lot of info pertaining to issues like this in Microsoft's TechNet.
    Example,
    http://www.microsoft.com/technet/community/chats/trans/isa/isa0316.mspx
    Search the site further and you would be able to gather an adequate
    solution.
    Jack (MVP-Networking).

    <> wrote in message
    news:...
    > Here is the scenario. Right now this is on my test network.
    >
    > Windows Server 2003 R2 running a native AD domain. A Linksys WAP54G
    > ver. 3 access point. I need a secure wireless network. I need all
    > traffic encrypted as well as restricting access ONLY to those with a
    > domain login (and possibly restricting only to known MAC addresses).
    >
    > I'm assuming that I'll be using a RADIUS server of some sort. I have
    > IAS running on the 2003R2 box, as well as cert services.
    >
    > What type of authentication do I need to enable on the AP, and how do I
    > set it up on the domain? I've established a shared secret and all of
    > that business, but I'd kind of like to start from scratch and hear some
    > of your ideas and suggestions.
    >
    > If I should just go with some 3rd party software, that is fine to
    > suggest as well. I'd like to stay away from buying Cisco equipment or
    > software, simply because of budgetary constraints. Linksys is cheap,
    > and I think in the end, it can provide everything we need.
    >
    > Thanks
    > Brandon Riffel
    >
     
    Jack (MVP-Networking)., Jan 19, 2007
    #2

  3. hath wroth:

    >Windows Server 2003 R2 running a native AD domain. A Linksys WAP54G
    >ver. 3 access point. I need a secure wireless network. I need all
    >traffic encrypted as well as restricting access ONLY to those with a
    >domain login (and possibly restricting only to known MAC addresses).


    You might find the WAP54G v3.0 to be a bit too crude. Its major
    failings are a tendency to hang and an inability to handle more than
    about 10 simultaneous connections.

    >I'm assuming that I'll be using a RADIUS server of some sort. I have
    >IAS running on the 2003R2 box, as well as cert services.


    IAS Server 2004 includes RADIUS services. For example:
    <http://www.enterasys.com/support/manuals/Pol_Mgr1_8-web/docs/p_win2000_config.html>
    <http://www.microsoft.com/whdc/device/network/802x/AccessPts.mspx>
    <http://www.microsoft.com/technet/community/chats/trans/isa/isa0316.mspx>
    etc...
    Set up your access point for WPA-RADIUS and/or WPA-ENTERPRISE (same
    thing) and point to the ISA server.

    >What type of authentication do I need to enable on the AP, and how do I
    >set it up on the domain?


    See above URL for instructions on how to set up RADIUS.

    >I've established a shared secret and all of
    >that business, but I'd kind of like to start from scratch and hear some
    >of your ideas and suggestions.


    Wrong. RADIUS is a replacement for the system-wide wireless shared
    key. For each session, a new and unique encryption key is issued by
    the RADIUS server to both the access point and client. This is the
    prime advantage of RADIUS... there is no shared key.

    >If I should just go with some 3rd party software, that is fine to
    >suggest as well.


    There are 3rd party RADIUS servers and online authentication services
    available, but your Win2003r2 server has everything you need. Since
    you like Linksys, they also provide such an online authentication
    service:
    <http://www.linksys.com/wirelessguard/>

    >I'd like to stay away from buying Cisco equipment or
    >software, simply because of budgetary constraints. Linksys is cheap,
    >and I think in the end, it can provide everything we need.


    Methinks you're making a mistake. If you find Cisco to be overly
    expensive, perhaps something in the middle like 3Com or Sonicwall
    might be more affordable. Cheap security is an oxymoron.

    --
    Jeff Liebermann -cruz.ca.us
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 http://802.11junk.com
    Skype: JeffLiebermann AE6KS 831-336-2558
     
    Jeff Liebermann, Jan 19, 2007
    #3
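
The per-session keying described in the post above, as an added example that is not part of the original thread: in WPA-Enterprise the pairwise master key (PMK) produced by the 802.1X/RADIUS authentication is expanded with the IEEE 802.11i PRF, mixed with both MAC addresses and fresh nonces, into the keys that protect one association. The MAC addresses, the PMK and the nonce seeds are constructed sample values, and `session_tk` is a hypothetical helper name.

```python
import hashlib
import hmac

LABEL = b"Pairwise key expansion"  # label fixed by IEEE 802.11i


def prf(key, label, data, n_bytes):
    """802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out, counter = b"", 0
    while len(out) < n_bytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:n_bytes]


def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce, n_bytes=64):
    """Expand a PMK into the pairwise transient key (64 bytes for TKIP)."""
    # Sorting the MACs and nonces lets the AP and the client compute the
    # same value without agreeing on argument order.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, LABEL, data, n_bytes)


def split_ptk(ptk):
    """Name the parts of a 64-byte TKIP PTK."""
    return {"KCK": ptk[:16], "KEK": ptk[16:32],
            "TK": ptk[32:48], "MIC": ptk[48:64]}


# Constructed sample values (not taken from any real network).
AP_MAC = bytes.fromhex("02aabbccdd01")
STA_MAC = bytes.fromhex("02aabbccdd02")
PMK = hashlib.sha256(b"constructed stand-in for a PMK from 802.1X").digest()


def session_tk(anonce_seed, snonce_seed):
    """Temporal key for one association; seeds stand in for random 32-byte nonces."""
    anonce = hashlib.sha256(anonce_seed).digest()
    snonce = hashlib.sha256(snonce_seed).digest()
    return split_ptk(derive_ptk(PMK, AP_MAC, STA_MAC, anonce, snonce))["TK"]


if __name__ == "__main__":
    # Same user, same PMK, two associations: the traffic keys differ.
    print(session_tk(b"ap-nonce-1", b"sta-nonce-1").hex())
    print(session_tk(b"ap-nonce-2", b"sta-nonce-2").hex())
```
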
  4. John Navas Guest

    On 19 Jan 2007 07:35:56 -0800, wrote in
    <>:

    >Here is the scenario. Right now this is on my test network.
    >
    >Windows Server 2003 R2 running a native AD domain. A Linksys WAP54G
    >ver. 3 access point. I need a secure wireless network. I need all
    >traffic encrypted


    Are you talking wireless client to wireless client security, or only
    wireless to the outside world security?

    >as well as restricting access ONLY to those with a
    >domain login (and possibly restricting only to known MAC addresses).


    MAC filtering is easily spoofed and thus a waste of time.

    >I'm assuming that I'll be using a RADIUS server of some sort. I have
    >IAS running on the 2003R2 box, as well as cert services.
    >
    >What type of authentication do I need to enable on the AP, and how do I
    >set it up on the domain? I've established a shared secret and all of
    >that business, but I'd kind of like to start from scratch and hear some
    >of your ideas and suggestions.
    >
    >If I should just go with some 3rd party software, that is fine to
    >suggest as well. I'd like to stay away from buying Cisco equipment or
    >software, simply because of budgetary constraints. Linksys is cheap,
    >and I think in the end, it can provide everything we need.


    Consider running DD-WRT firmware on an appropriate Linksys box (not the
    [ugh] WAP54G).

    --
    Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
    John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
    Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
    Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
     
    John Navas, Jan 25, 2007
    #4
