Solved: Dynamic key exchange with user authentication

mpayton · ‎05-16-2003

I am trying to build a wireless network with fair security but without the users having to go through multiple authentication procedures such as VPN. Also, cost is an important concern. The features I am trying to get are 128 bit WEP with dynamic key exchange and username/password authentication against an active directory 2000 server environment.

I will be running Cisco AP350 access points with Windows XP/2000 clients using Cisco 350 wireless cards. The users will also have the Aladdin E-tokens to secure the laptops from being used by unauthorized people.

Will I have to use an ACS/ Radius server?

Which 802.1X security protocols will I have to use(if any)?

Cost and setup time are very important on this one so I am looking for heavy use of the KISS principle. Basically, if you had to do this quickly on a budget, how would you do it?

derwin · ‎05-18-2003

If you use LEAP then you can make the username and password the same as the NT logon details and from the ACS server use a remote database being the NT logon server

This should solve your requirements pretty well.

Here is how to setup LEAP on both the AP's and Client cards

http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/accsspts/ap350scg/ap350ch8.htm

http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/350cards/windows/incfg/win5_ch7.htm

View solution in original post

derwin · ‎05-18-2003

If you use LEAP then you can make the username and password the same as the NT logon details and from the ACS server use a remote database being the NT logon server

This should solve your requirements pretty well.

Here is how to setup LEAP on both the AP's and Client cards

http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/accsspts/ap350scg/ap350ch8.htm

http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/350cards/windows/incfg/win5_ch7.htm