Hardening Wireless LAN Connections, Part 2 - Configuring WPA Using RADIUS/802.1x

(Page 5 of 8 )

NOTE: The Dell TrueMobile 2300 wireless access router does not support WPA and RADIUS/802.1x.

Using WPA with RADIUS/802.1x allows you to take full advantage of the benefits of the increased security that WPA provides while gaining the scalability that WPA with pre-shared keys does not provide. Before you can configure the WAP to use RADIUS, you need to make sure you have configured your RADIUS server to accept client connections from the WAP and have configured a shared secret. We will look at how to add and configure RADIUS clients in more detail in Chapter 9.

NOTE:  The Cisco Aironet 1200 WAP does not support WPA and RADIUS/802.1x without the use of a third-party supplicant such as the Funk Odyssey Client (http://www.funk.com) or the Meetinghouse Data Communications AEGIS client (http://www.meetinghousedata.com/). Refer to these vendors for the client-side configuration to support WPA and RADIUS/802.1x.

Configuring the Cisco Aironet 1200 to support WPA and RADIUS/802.1x is a multistep process. First, you need to make sure you have installed and configured Cisco Secure ACS on your network. We will cover installing and configuring the Cisco Secure ACS in detail in Chapter 9. Second, you will need to install a third-party supplicant on the wireless client. This is extremely important because Cisco devotes only one sentence to this—and it’s buried deep in a technical note. If you don’t do this, you will likely find yourself spending a couple hours thinking, “I’ve done everything that should make it work.”

The actual WAP configuration is relatively straightforward. You need to configure the encryption cipher just like you did for the WPA-PSK configuration. The difference is at the Security | SSID Manager screen. Select the SSID you want to configure and scroll down to the Authentication Settings section. Select the Open Authentication check box and choose “With EAP” from the drop-down list. Next, select the Network EAP check box with in the drop-down list, as shown here. When you are finished, click Apply.

To configure WPA with RADIUS on the Linksys WAP54G, you will need to return to the Security Settings screen, shown here. Select WPA RADIUS for the security mode and specify the WPA algorithm. Enter the IP address and port number for the RADIUS server. Enter the shared key that is required to allow the WAP to authenticate with the RADIUS server and then specify the key renewal timeout. When you have finished, click Save Settings.

This is from Hardening Network Infrastructure, by Wesely Noonan (McGraw-Hill/Osborne, ISBN 0072255021). Check it out at your favorite bookstore today. Buy this book now.