I am so confused about wireless security. Someone please explain some things for me in little words!
We are deploying a wireless setup using Aironet 1100 APs and 1300 Bridges. We have a mix of XP Pro and XP Home (arrrg) machines.
Right now I have everything set up using WPA-PSK w/TKIP. But I would like to deploy authentication into the mix. But there are so many auth types out there that I don't know what is best for us, or whether anything is right for us. The thought of rolling out a RADIUS box is frightening simply because I haven't done any of that sort of thing before.
Ultimately this wireless setup will be transporting voice along with data via VLANs and a dot1q trunk between the bridges. So from what I have read we will need WDS for fast roaming, another confusing topic.
Can someone give me some advice on what we should do?
Well.... One thing is if you want a more secure method, you will have to use certificates. PEAP is probably the most deployed method and the simplest EAP method. This would require you to build an IAS server (comes with Windows Server) and a Certificate Authority Server, which also comes with Windows Server. Just do a search on Google for "configure 802.1x windows server 2003" and you will find some good articles on setting this up. WDS for fast roaming requires the use of Cisco wireless cards or cards that are CCK2 compliant. If you are using internal cards, fast roaming will not work. They will however work if you are using Cisco 7920 IP phones. Hope this kind of helps.
Thanks, I will google that stuff and see what comes up. See, some of the clients are XP Home, so I am not sure whether PEAP certs will work from a DC?
Thanks for your help!
If you want to run WPA2 and some of your clients do not support it, try to install the hotfix:
Since XP Home does not join a domain, users can still be created in AD and the client would then enter the username and password one time.