[c-nsp] Cisco AIRONET WPA-Enterprise w/Windows question..

Scott McGrath mcgrath at fas.harvard.edu
Mon Nov 30 14:29:43 EST 2009 

That's what I LIKE about standards - SO MANY incompatible ones to choose 
from...

- Scott

Scott Granados wrote:
> Not to be confused with WPA2-psk which is like WPA psk but uses aes instead 
> of TKIP cryptography.
>
>
>
> ----- Original Message ----- 
> From: "Scott McGrath" <mcgrath at fas.harvard.edu>
> To: "'cisco-nsp'" <cisco-nsp at puck.nether.net>
> Sent: Monday, November 30, 2009 10:47 AM
> Subject: Re: [c-nsp] Cisco AIRONET WPA-Enterprise w/Windows question..
>
>
>   
>> Since there is WPA-PSK and WPA2 often known as Enterprise,
>>
>> The real difference is that WPA-PSK uses a fixed 'pre-shared' key to 
>> encrypt the link between the AP and the supplicant,   Enterprise assumes 
>> that a RADIUS server is available to authenticate the session and set the 
>> key for the session.    What has not been discussed is what protocol is 
>> being used for these PEAP and/or EAP-TTLS are valid choices,
>>
>> The encryption scheme is 'better' on enterprise as the key is not known 
>> before session instantiation,   But WPA-PSK (aka Personal) and WPA2 both 
>> use the same cipher set to protect the session so the link is as secure 
>> but if the key is disclosed to unauthorized users the wireless network 
>> effectively has no security whereas WPA2 uses a user database and if the 
>> user's credentials are disclosed the endpoint can be deauthenticated and 
>> the users credentials changed.   Whereas WPA-PSK requires reconfiguration 
>> of the AP(s) and supplicant reconfiguration,
>>
>> Hope this helps
>>
>> - Scott
>>
>> Tony Varriale wrote:
>>     
>>> What type of "enterprise" are you interested in?  What's your user 
>>> database?
>>>
>>> tv
>>> ----- Original Message ----- 
>>> From: "Howard Leadmon" <howard at leadmon.net>
>>> To: "'cisco-nsp'" <cisco-nsp at puck.nether.net>
>>> Sent: Saturday, November 28, 2009 12:35 PM
>>> Subject: [c-nsp] Cisco AIRONET WPA-Enterprise w/Windows question..
>>>
>>>
>>>
>>>       
>>>>  I have a question hopefully someone can give me a pointer or shed some
>>>> light on..
>>>>
>>>>
>>>>
>>>> I have both an Aironet 1242AG and now a 1252AG access point, which are
>>>> working fine.   I have WPA2-Personal with a shared key setup and running
>>>> great as well.   As it was my impression that Vista and Win7 both 
>>>> supported
>>>> Enterprise authentication, which I figured would be better and more 
>>>> secure
>>>> than using the personal shared key stuff.
>>>>
>>>>
>>>>
>>>> I have tried, and googled, and I for the life of me just can't seem to 
>>>> get
>>>> Enterprise auth going..   Does anyone have any docs on getting the 
>>>> Aironet
>>>> and Windows to play together, configs, or links to info that will help?
>>>> Just FYI, I am trying to use the radius server built into the AP, as I
>>>> figured that would be simple enough, hopefully doing that is ok..
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ---
>>>>
>>>> Howard Leadmon
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>         
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>>>       
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/ 
>>     
>
>

More information about the cisco-nsp mailing list