[c-nsp] Cisco AIRONET WPA-Enterprise w/Windows question..

Scott Granados gsgranados at comcast.net
Mon Nov 30 14:16:53 EST 2009 

Not to be confused with WPA2-psk which is like WPA psk but uses aes instead 
of TKIP cryptography.



----- Original Message ----- 
From: "Scott McGrath" <mcgrath at fas.harvard.edu>
To: "'cisco-nsp'" <cisco-nsp at puck.nether.net>
Sent: Monday, November 30, 2009 10:47 AM
Subject: Re: [c-nsp] Cisco AIRONET WPA-Enterprise w/Windows question..


> Since there is WPA-PSK and WPA2 often known as Enterprise,
>
> The real difference is that WPA-PSK uses a fixed 'pre-shared' key to 
> encrypt the link between the AP and the supplicant,   Enterprise assumes 
> that a RADIUS server is available to authenticate the session and set the 
> key for the session.    What has not been discussed is what protocol is 
> being used for these PEAP and/or EAP-TTLS are valid choices,
>
> The encryption scheme is 'better' on enterprise as the key is not known 
> before session instantiation,   But WPA-PSK (aka Personal) and WPA2 both 
> use the same cipher set to protect the session so the link is as secure 
> but if the key is disclosed to unauthorized users the wireless network 
> effectively has no security whereas WPA2 uses a user database and if the 
> user's credentials are disclosed the endpoint can be deauthenticated and 
> the users credentials changed.   Whereas WPA-PSK requires reconfiguration 
> of the AP(s) and supplicant reconfiguration,
>
> Hope this helps
>
> - Scott
>
> Tony Varriale wrote:
>> What type of "enterprise" are you interested in?  What's your user 
>> database?
>>
>> tv
>> ----- Original Message ----- 
>> From: "Howard Leadmon" <howard at leadmon.net>
>> To: "'cisco-nsp'" <cisco-nsp at puck.nether.net>
>> Sent: Saturday, November 28, 2009 12:35 PM
>> Subject: [c-nsp] Cisco AIRONET WPA-Enterprise w/Windows question..
>>
>>
>>
>>>  I have a question hopefully someone can give me a pointer or shed some
>>> light on..
>>>
>>>
>>>
>>> I have both an Aironet 1242AG and now a 1252AG access point, which are
>>> working fine.   I have WPA2-Personal with a shared key setup and running
>>> great as well.   As it was my impression that Vista and Win7 both 
>>> supported
>>> Enterprise authentication, which I figured would be better and more 
>>> secure
>>> than using the personal shared key stuff.
>>>
>>>
>>>
>>> I have tried, and googled, and I for the life of me just can't seem to 
>>> get
>>> Enterprise auth going..   Does anyone have any docs on getting the 
>>> Aironet
>>> and Windows to play together, configs, or links to info that will help?
>>> Just FYI, I am trying to use the radius server built into the AP, as I
>>> figured that would be simple enough, hopefully doing that is ok..
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> ---
>>>
>>> Howard Leadmon
>>>
>>>
>>>
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list