Wireless rollout

nicholas_ · ‎02-01-2006

Myself and the team of idividuals i am working with are creating on a design for a city wide wireless network that will be used by an ISP to provide wireless access.

This is the first large scale project on this complexity level we have attempted and are hoping to have some light shed on a few things..

Can anyone reccommend a cisco product and set up (NAS?) that can be used for user authentication to the network. The first thing that popped into our heads was a RADIUS server with a captive portal, but it is seeming this might not be a feasable solution.

Second question is routing. We have a block of allocated WAN (internet) IP's. What sort of hardware and setup should we be using to assign these internet accessible IP's to the end user (wireless clients)

Thank you in advance, any ideas are much appreciated.

~Nick

smahbub · ‎02-07-2006

With 802.1X authentication, mutual authentication is implemented between the client and a Remote Authentication Dial-In User Service (RADIUS) server connected to the access point. The credentials used for authentication, such as a logon password, are never transmitted without encryption over the wireless medium. Most 802.1X types support dynamic per-user, per-session Wired Equivalent Privacy (WEP) keys to remove the administrative burden and security issues surrounding static WEP keys.

With the Cisco Wireless Security Suite, an 802.1X-based enterprise-class security solution, customers may choose from a variety of 802.1X EAP authentication typesincluding LEAP, EAP-TLS, and PEAPto secure their wireless LANs (WLAN).

LEAPServer and client authentication via a user-supplied logon password. Supported on all current versions of Windows, Windows CE, Mac OS, Linux, and MS-DOS.

EAP-TLSServer and client authentication via digital certificates. Supported on Windows XP.

PEAPServer authentication via a digital certificate; client authentication via a user-supplied password or OTP. Supported on Windows XP