WiFi 802.1X Security

Does anyone know when the Aironet access points will be able to use any nominated VLAN as the management VLAN instead of VLAN 1?
Currently we have a successful dot1X (EAP-TLS) implementation running but I am a little concerned with having to use VLAN1.
Ideally I'd like to use a bespoke VLAN ID to improve security.
Cheers
DH

Hmm.. The document you point me to is Aironet 1300 whereas I use the 1200. Though I didn't make this completely clear to be fair.
There is a caveat at the start of the 1200 Series docs that states the equipment must use VLAN1 for management and authorisation.
My question was whether Cisco had managed to remove this limitation as most intrusion based attacks on network infrastructure equipment target VLAN 1 by default.
Anybody else got any ideas? I repeat, the WLAN is working fine and this is only a "nice to have" scenario.
Thanks

Similar Messages

  • Use smart card for 802.1x secured WiFi authentication

    Hi,
    is it possible to use a certificate stored on a USB Security Token for WiFi 802.1x authentication?
    I have setup a test environment with all required components (AD, Enterprise CA, NPS, WPA2-Enterprise capable WiFi Access Point, all required certificates, all Server 2012 R2 / Windows 8.1 Pro) and created a user certificate for WPA2-Enterprise secured
    WiFi access (802.1x). Everything works fine as long as the user certificate is stored in the local certificate store of the user's client computer: The user can connect to the WiFi network and the NPS logs show that the user has been authenticated correctly
    and granted access.
    To test this scenario with a Smart Card (Safenet USB Token), I stored that same user certificate on the token (incl. private key). The Safenet software on the client computer automatically makes the certificate stored on the token available in the local
    certificate store as soon as the token has been plugged in (checked via MMC Certificates snap-in). But the certificate can't obviously be used for the desired WiFi authentication: If I try to connect the secured WiFi (the same as in scenario 1) the connection
    fails.
    As I'm using exactly the same certificate in both scenarios, I don't think there's anything wrong with the settings in the certificate, the NPS or any other infrastructure component. The reason for failure in scenario 2 must be lying somewhere in either
    the local client computer configuration or in the Safenet software on the client computer.
    I'm very familiar with all the PKI and authentication stuff, but I'm new to smart cards. Are there differences between different types of smart cards and for what purpose one can use them? (USB tokens, chip cards, virtual tokens, etc.?)
    Has anybody experience in creating an 802.1x secured WiFi access with smart card based user certificates who could advise?
    Thanks + Best Regards
    Matt

    Hi,
    I found some links from the TechNet site which can be helpful in this case
    Network access authentication and certificates
    http://technet.microsoft.com/en-us/library/cc759575(v=ws.10).aspx
    Enable smart card or other certificate authentication
    http://technet.microsoft.com/en-us/library/cc737336(v=ws.10).aspx
    Quote:
    Client certificate requirements
    With EAP-TLS or PEAP-EAP-TLS, the server accepts the client authentication attempt when the certificate meets the following requirements:
    The client certificate is issued by an enterprise CA or mapped to a user or computer account in Active Directory.
    The user or computer certificate on the client chains to a trusted root CA, includes the Client Authentication purpose in EKU extensions (the object identifier for Client Authentication is 1.3.6.1.5.5.7.3.2), and fails neither the checks that are performed
    by CryptoAPI and specified in the remote access policy nor the Certificate object identifier checks that are specified in IAS remote access policy.
    The 802.1X client does not use registry-based certificates that are either smart card-logon or password-protected certificates.
    For user certificates, the Subject Alternative Name (SubjectAltName) extension in the certificate contains the user principal name (UPN).
    For computer certificates, the Subject Alternative Name (SubjectAltName) extension in the certificate must contain the client's fully qualified domain name (FQDN), which is also called the DNS name
    Yolanda Zhu
    TechNet Community Support

  • Can my mid 2011 macbook air be upgraded to wifi 802.11ac?

    Can my mid 2011 macbook air be upgraded to wifi 802.11ac? I am considering replacing my 802.11n router with the 802.11ac time capsule. Will this effect my download speed on my 802.11n macbook air (mid 2011)? can it be upgraded?

    No, you cannot change the Wi-Fi hardware in your Mac. The Time Capsule is still worth it due to its ability to make backups of your Mac via Time Machine.

  • Setting up eth0 with 802.1X security and a certificate

    Hello,
    I'd like to ask for some help...
    I'm living in a building owned by my university and they have rules about the internet connection. Everything was fine using ubuntu, I just entered a window and filled the form in the 802.1X security tab, username, password, certificate. clicked connect -> DONE
    Now in a hope to learn more about linux I'm trying to get arch linux working, but the first problem I've encountered is that I can't get the connection running...
    So please, could you instruct me what to do?
    I need to set up a connection, let's call it eth0 for simplicity, and I need to have IPv4 enabled, IPv6 disabled, 802.1X security with a username, password some kind of a Add_Trust.... certificate, let's call it just cert.pem for simplicity. And I have only the command line interface like... you know, 5 seconds after installing the base and rebooting...
    Thank you very much

    Forum search and google are your friend.
    https://bbs.archlinux.org/viewtopic.php?id=72799
    https://wiki.archlinux.org/index.php/Ne … figuration
    https://wiki.archlinux.org/index.php/WPA_supplicant

  • HT2822 What is the better Connection on Apple TV v2, Ethernet or Wifi 802.11n???? does not support with ethernet gigabit?

    What is the better Connection on Apple TV v2, Ethernet or Wifi 802.11n????
    Does not support with ethernet gigabit?

    If you have stable wifi with good connectivity it should work fine - in reality many people struggle with wifi.
    I was plagued by interference issues with wifi whenever the microwave was used and would always use ethernet now as my first preference for stability.
    As the house is not wired for ethernet several years ago I tried mains powerline network adapters that are made by many companies.
    I use these from Devolo currently:
    http://www.devolo.co.uk/consumer/81_dlan-500-avmini_starter-kit_product-pictures _8.html?l=en
    They are excellent and you can create a wired network in minutes without running long lengths of cable.
    As with wifi they never achieve the highest rated speeds and are dependent on the wiring quality but are more than adequate for HD streaming to multiple AppleTVs.
    Many other manufacturers produce these eg Belkin, Netgear etc as well as lesser known brands.
    AC

  • Powerbook G3 (WallStreet) OSX compatible with  PCMCIA Belkin WiFi 802.11G ?

    Hello
    Do you know if the PCMCIA card Belkin WiFi 802.11G sold on the Apple Store is compatible with an old Powerbook G3 WallStreet (without USB and Firewire)?
    I will install the macOsX 10.3 system on it.
    Thanks for your help

    Michel,
    Belkin has had a variety of wifi PC cards with confusing model numbers and version numbers.
    The Belkin F5D7010: Supposedly there are three versions(!); v1 and v2 supported Apple's AirPort software (Mac OS X 10.2.8 or newer and AirPort 3.1.1 or newer) since it used the Broadcom chipset. Then v3 was released and it was no longer supported by AirPort. Belkin then released drivers for v3 which apparently solved the problem.
    The Belkin F5D7011: This card supposedly uses the Broadcom chipset and is fully supported by AirPort.
    http://catalog.belkin.com/IWCatProductPage.process?MerchantId=&ProductId=179466#
    Or you could buy one of these cards where there is no question about support:
    http://www.sonnettech.com/product/aria_extreme.html
    http://www.macsense.com/product/broadband/WPE800.html
    http://www.asante.com/products/productsLvl3/AL5403_XG.asp
    http://www.buffalotech.com/wireless/products/airstation/WLICBG54A.html

  • 802.1x secure protocol for Wifi

    At my school, when users first access a webpage from the Wifi network, we are automatically redirected to a webpage where we have to enter a UserID and password. It is at the webpage where we enter the ID and password. Now, is this using the 802.1x method of network password? Thanks!

    A A P L wrote:
    Sounds like it.
    Ugh...that's not good I was hoping that this current version of the iPod Touch would be useable with my school's wifi network. I guess not. I may just have to wait for the next versions to come out and hopefully this popular protocol would be implemented.

  • WiFi ( 802.1x EAP TTLS PAP ): Unable to connect since 2.3.3 update

    I previously posted this on the Motorola Owner's Forum and am still waiting for a fix or at least an official confirmation of the problem. 
    Ever since the 2.3.3 update, I have been unable to connect to the wireless network at work.  The connection worked fine prior to the update.  The connection at home with WPA still works fine. 
    The network status cycles through the following sequence:
    Scanning...
    Connecting to <network>...
    Obtaining IP address from <network>...
    Disconnected 
    The corporate configuration is as follows:
    Security: 802.1x
    EAP method: TTLS
    Phase 2 authentication: PAP
    CA certificate: (unspecified)
    User certificate: (unspecified)
    Use proxy server: (unchecked) 
    When I go into Manage Networks and select Modify network for the configuration, I find that Phase 2 authentication always shows None.  If I change it to PAP and then click Save, the setting does not stick: the next time I check the configuration, it is None. 
    I've done a factory reset.  I've configured the network settings with WiFi Advanced Configuration Editor.  I've configured the network settings with WiFiConfig Editor Pro.  All to no avail. 
    Please help.  I need to be able to connect to the corporate network.  If there is a known issue, it would be nice if someone would at least confirm it. Thank you.

    My original Droid actually worked with the Android 2.0 release, but 2.1 broke it and it hasn't worked since.  I believe the Android codebase DID fix this, however Verizon has not made it a priority to include the fix in their releases.  I now have a Droid 4 running 2.3.6 and it is still broken.  Many of my coworkers have this same issue, but ONLY THE ONES ON VERIZON!  Other carriers have apparently figured out how to port this fix into their releases, regardless of which Android phone. 
    Come on Verizon, fix this so we can stop wasting your 4G bandwidth!!!

  • Wifi 802.11n missing? Also the multitasking Any App Any Time is misleading.

    All the reviews I read were saying the 4G was supposed to have 802.11N but my new 4G that I just got this morning only sees my 54G network and not the N network. Bummer. Was hoping Wifi would be faster than my old 3G but unless I can't find somewhere to activate this speed I guess those were all false rumors.
    Oh and I really don't see any multitasking in my 3rd party apps like the iPhone 4G Apple page says - they say Any app, any time. All my 3rd party apps do is restart when I switch back and forth to them. I don't call that multitasking but rather just a smart shortcut bar that merely remembers the most recent apps I used. Maybe it's app dependent, but they shouldn't claim Any App Any Time if it isn't true.

    This link should help you a lot: http://db.tidbits.com/article/10125
    You must put the 2.4Ghz network with the N as well. It might be only running b/g.
    What I did at home was set up AEBS to use 5GHZ to my Mac, and 2.4GHZ for other devices b/g and N.
    The iPad was on the 5GHz as well but somehow (a bug maybe) the 2.4GHz seems better for it as well. Can't explain that.. gave up and 2.4GHZ N it's working fine

  • WLC 5508 - 802.11n using 802.1X security

    WLC 5508 product version: 6.0.199.4
    AP: AIR-LAP1142N-S-K9
    The connection can reach up to 144Mbps when using WPA2 with AES (Layer 2 security), WMM allowed (QOS). But when I use 802.1X (Layer 2 security), can only reach up to 54Mbps.
    Any special setting when using 802.1X to reach 144Mbps?
    Or do I need to upgrade?
    Any help is very much appreciated.

    Change the field "Layer 2 Security" to "WPA+WPA2".
    In the section below, under Authentication Key Management, set the checkmark for "802.1X".
    That should solve the issue.

  • Why do you need a copy of my wife's social security CARD?

    My wife tried to move from her parents family share plan to her own plan. Already a Verizon customer, she was asked to fax her social security CARD to corporate verizon. When asked why her card is needed and not all others who sign up, she was told this was a "Random" policy, like being selected at TSA. This did not make her feel very comfortable in sharing such personal information. Is anyone able to provide a better answer as to why her card is needed? She has excellent credit and is already a customer! If she gets no answer, she is going to AT&T.

    She does not have an issue providing her social security number in order to perform the background check- she did so. The issue we are having is that she was then told that she needed to fax her drivers license and social security card in order to complete the credit check. When she asked why, the answer was "just because". She asked if everyone had to do this, and was told no. So she asked why SHE in particular needed to, and no one could answer that question. She does not feel comfortable doing this, and she should not have to if it's not required of everyone.
    She would like to be able to set up her account without faxing her social security card, like many other people are able to. Can you please let me know who we can contact to make that happen?

  • Internet sharing wifi 802.11b/g

    Hi. I don't know if this is possible or maybe I'm looking at it at the wrong way. I am trying to share internet from my MBP via Wifi. But the other non mac laptops can't connect to it. They can see the wifi connection, but they can't connect to it.
    I'm thinking that my MBP is broadcasting in 802.11n while the other laptops only have 802.11b/g. If this is the case, can i make my MBP broadcast in 802.11b/g?
    If this isn't the case, what can I do to give them internet?
    My ipod touch does get internet from this broadcast though.
    Thanks in advance.
    Droopox 

    You can definitely share wireless from your laptop by setting up what's known as an 'ad hoc network'. Usually this means that the IPs issued are in the 169.254.x.y range, which is otherwise better known as APIPA and when not being used as an ad hoc network range indicates that there's a problem with the DHCP server.
    You can also turn on DHCP yourself and set up a valid private range, usually in the 192.168.x.y range.
    Your laptop will work with 802.11n, g, b, and a systems.
    You will need to turn on Internet Sharing, select the relevant ports, and turn off the relevant firewall entries. Other devices will need to pick up the signal (which will not be strong) and will need to use the correct network.

  • Jelly Bean (4.1.1) update stops Wifi 802.1x

    Since getting the upgrade on my RAZR MAXX HD, I can no longer connect to wifi that requires 802.1x authentication (EAP/TLS/MSCHAPV2). Anybody have any solutions?

    Good luck...the note 3 or the note 4 (LOL) will be out before we ever see an update.  Verizon couldn't send out a timely update if their business depended on it.  They are by far the worst when it comes to customer service, timely updates, and branding phones with their ridiculous logo.  Bottom line, we have the downgraded version of the note 2 compared to the competitors.  We are still lacking several features/settings/widgets.  It is truly a disappointment.  Stay with Verizon, and that will always be the case.  They have proven that time and time again.

  • Has Apple fixed 802.1x security problems with new apps?

    Previous versions of the software are unable to connect to many wi-fi networks due to poor support for enterprise security standards. This means that it is impossible to connect to many corporate or university networks. It also means that I cannot connect in the Air Canada lounges with the DataValet service that I normally use. It makes little sense to buy these apps when the underlying wi-fi service is so crippled.
    Does anyone know if 802.1x is properly supported now?

    Either there's a [secret in 1.1.3 that no one knows about except you|http://digg.com/apple/No802_1x_in_iPhone_patch_1_1_3_Where_is_the_loveApple], or you're confusing [802.1x|http://en.wikipedia.org/wiki/802.1x] and [802.11|http://en.wikipedia.org/wiki/802.11].

  • Lenovo Ideacentre B540p Wifi 802.11b/g/n Able to Detect 5Ghz?

    I am currently using asus router RT-N56U (Dual band - 2.4Ghz & 5Ghz) to share a 200mbps fibre broadband.
    However, Lenovo B540p wireless network connection is unable to detect the router's 5Ghz network, only able to detect 2.4Ghz. I thought 802.11n is supposed to detect both 2.4Ghz & 5Ghz?

    hi  wenlianglo,
    Welcome to Lenovo Community Forums!
    The Wifi cards provided on this model only support single band up to 802.11b/g/n 2.4ghz
    It will not be able to detect the 5ghz band network.
    It is somewhat similar to this brand and model that max out at 2.4ghz
    http://www.intel.com/content/dam/www/public/us/en/documents/product-briefs/wireless-n-7260-bluetooth...
    The 5ghz version of that is a Wireless AC 7260 that operates at 2.4 and 5ghz.
    Best Regards
    Solid Cruver
