[c-nsp] Cisco AIRONET WPA-Enterprise w/Windows question..

Scott McGrath mcgrath at fas.harvard.edu
Mon Nov 30 13:47:29 EST 2009


Since there is WPA-PSK and WPA2 often known as Enterprise,

The real difference is that WPA-PSK uses a fixed 'pre-shared' key to 
encrypt the link between the AP and the supplicant. Enterprise assumes 
that a RADIUS server is available to authenticate the session and set 
the key for the session. What has not been discussed is what protocol 
is being used for these; PEAP and/or EAP-TTLS are valid choices.

The encryption scheme is 'better' on enterprise as the key is not known 
before session instantiation. But WPA-PSK (aka Personal) and WPA2 both 
use the same cipher set to protect the session, so the link is as secure, 
but if the key is disclosed to unauthorized users the wireless network 
effectively has no security, whereas WPA2 uses a user database, and if the 
user's credentials are disclosed the endpoint can be deauthenticated and 
the user's credentials changed, whereas WPA-PSK requires 
reconfiguration of the AP(s) and supplicant reconfiguration.

Hope this helps

- Scott

Tony Varriale wrote:
> What type of "enterprise" are you interested in?  What's your user database?
>
> tv
> ----- Original Message ----- 
> From: "Howard Leadmon" <howard at leadmon.net>
> To: "'cisco-nsp'" <cisco-nsp at puck.nether.net>
> Sent: Saturday, November 28, 2009 12:35 PM
> Subject: [c-nsp] Cisco AIRONET WPA-Enterprise w/Windows question..
>
>> I have a question hopefully someone can give me a pointer or shed some
>> light on..
>>
>> I have both an Aironet 1242AG and now a 1252AG access point, which are
>> working fine. I have WPA2-Personal with a shared key setup and running
>> great as well. As it was my impression that Vista and Win7 both supported
>> Enterprise authentication, which I figured would be better and more secure
>> than using the personal shared key stuff.
>>
>> I have tried, and googled, and I for the life of me just can't seem to get
>> Enterprise auth going.. Does anyone have any docs on getting the Aironet
>> and Windows to play together, configs, or links to info that will help?
>> Just FYI, I am trying to use the RADIUS server built into the AP, as I
>> figured that would be simple enough, hopefully doing that is ok..
>>
>> ---
>>
>> Howard Leadmon
>>
>>
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/ 
>>     
>
>   
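
The keying difference discussed in the message above, as an added example that is not part of the original thread and not Cisco code: in Personal mode every station derives the same master key from the passphrase and SSID, while in Enterprise mode key material is produced per authenticated session. `EnterpriseSim`, the SSID, user names and passwords are constructed stand-ins, and the random session key only models the outcome of an EAP exchange, not a real EAP method.

```python
import hashlib
import hmac
import secrets


def psk_pmk(passphrase, ssid):
    """WPA/WPA2-Personal: the 256-bit pairwise master key is
    PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


class EnterpriseSim:
    """Toy stand-in for a RADIUS/EAP back end (assumption, not a real EAP
    method): per-user credentials, fresh random master key per session."""

    def __init__(self, users):
        self.users = dict(users)

    def authenticate(self, user, password):
        stored = self.users.get(user)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return None
        return secrets.token_bytes(32)  # key material exists only after auth

    def revoke(self, user):
        self.users.pop(user, None)


def demo():
    ssid, shared = "example-ssid", "constructed passphrase"  # constructed values
    # Personal: any two stations that know the passphrase hold the same PMK.
    laptop, phone = psk_pmk(shared, ssid), psk_pmk(shared, ssid)
    # Locking out one holder means a new passphrase, i.e. a new PMK for everyone.
    rotated = psk_pmk("new constructed passphrase", ssid)

    radius = EnterpriseSim({"alice": "constructed-pw-1", "bob": "constructed-pw-2"})
    s1 = radius.authenticate("alice", "constructed-pw-1")
    s2 = radius.authenticate("alice", "constructed-pw-1")
    radius.revoke("alice")  # only alice is affected
    return {
        "psk_same_for_all": laptop == phone,
        "psk_rotation_breaks_all": rotated != laptop,
        "enterprise_per_session": s1 != s2,
        "alice_after_revoke": radius.authenticate("alice", "constructed-pw-1"),
        "bob_after_revoke": radius.authenticate("bob", "constructed-pw-2") is not None,
    }


if __name__ == "__main__":
    print(demo())
```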


