[c-nsp] Cisco AIRONET WPA-Enterprise w/Windows question..
Scott McGrath
mcgrath at fas.harvard.edu
Mon Nov 30 13:47:29 EST 2009
Since there is WPA-PSK and WPA2, often known as Enterprise,
the real difference is that WPA-PSK uses a fixed 'pre-shared' key to
encrypt the link between the AP and the supplicant; Enterprise assumes
that a RADIUS server is available to authenticate the session and set
the key for the session. What has not been discussed is what protocol
is being used for these; PEAP and/or EAP-TTLS are valid choices.

The encryption scheme is 'better' on Enterprise as the key is not known
before session instantiation, but WPA-PSK (aka Personal) and WPA2 both
use the same cipher set to protect the session, so the link is as secure.
But if the key is disclosed to unauthorized users, the wireless network
effectively has no security, whereas WPA2 uses a user database, and if the
user's credentials are disclosed the endpoint can be deauthenticated and
the user's credentials changed, whereas WPA-PSK requires
reconfiguration of the AP(s) and supplicant reconfiguration.

Hope this helps
- Scott
Tony Varriale wrote:
> What type of "enterprise" are you interested in? What's your user database?
>
> tv
> ----- Original Message -----
> From: "Howard Leadmon" <howard at leadmon.net>
> To: "'cisco-nsp'" <cisco-nsp at puck.nether.net>
> Sent: Saturday, November 28, 2009 12:35 PM
> Subject: [c-nsp] Cisco AIRONET WPA-Enterprise w/Windows question..
>
>> I have a question hopefully someone can give me a pointer or shed some
>> light on..
>>
>> I have both an Aironet 1242AG and now a 1252AG access point, which are
>> working fine. I have WPA2-Personal with a shared key setup and running
>> great as well. As it was my impression that Vista and Win7 both
>> supported Enterprise authentication, which I figured would be better and
>> more secure than using the personal shared key stuff.
>>
>> I have tried, and googled, and I for the life of me just can't seem to get
>> Enterprise auth going.. Does anyone have any docs on getting the Aironet
>> and Windows to play together, configs, or links to info that will help?
>> Just FYI, I am trying to use the radius server built into the AP, as I
>> figured that would be simple enough, hopefully doing that is ok..
>>
>> ---
>> Howard Leadmon
>>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
>
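
An added illustration of the key-handling difference described in the message above; it is not part of the original post or of any Cisco or Windows code. The SSID, passphrase, station and user names are constructed, and the EAP exchange is replaced by a random stand-in for the MSK that a real PEAP or EAP-TTLS session would export via RADIUS.

```python
import hashlib
import os


def psk_pmk(passphrase: str, ssid: str) -> bytes:
    """Personal mode: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    ssid_bytes = ssid.encode()
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid_bytes, 4096, 32)


def enterprise_pmk(msk: bytes) -> bytes:
    """Enterprise mode: PMK = first 32 bytes of the MSK from the EAP method."""
    if len(msk) < 64:
        raise ValueError("EAP MSK must be at least 64 bytes")
    return msk[:32]


def simulated_eap_msk() -> bytes:
    # Stand-in (assumption): a real MSK comes out of the EAP/TLS exchange
    # and is delivered to the AP by the RADIUS server, fresh per session.
    return os.urandom(64)


def compare(ssid: str = "corp-wlan", passphrase: str = "constructed-passphrase") -> dict:
    # Personal: every station computes the same PMK from the same inputs.
    personal = {sta: psk_pmk(passphrase, ssid) for sta in ("laptop-a", "laptop-b")}
    # Rotating the passphrase after a disclosure changes the PMK for everyone,
    # so the AP(s) and every supplicant must be reconfigured.
    rotated = psk_pmk(passphrase + "-rotated", ssid)
    # Enterprise: each authenticated session gets its own PMK.
    enterprise = {user: enterprise_pmk(simulated_eap_msk()) for user in ("alice", "bob")}
    bob_before = enterprise["bob"]
    # alice's credentials are changed and she re-authenticates; bob is untouched.
    enterprise["alice"] = enterprise_pmk(simulated_eap_msk())
    return {
        "personal_pmk_shared": personal["laptop-a"] == personal["laptop-b"],
        "rotation_rekeys_all": rotated != personal["laptop-a"],
        "enterprise_pmk_distinct": enterprise["alice"] != enterprise["bob"],
        "other_user_unaffected": enterprise["bob"] == bob_before,
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```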