802.1x or WPA-Enterprise or Radius

Similar Messages

• HT1338 WHAT IS 802.1 MEANING? HOW CAN I CHOOSE ABOUT OPTION INSIDE BETWEEN 802.1WEP OR WPA ENTERPRISE? WHAT'S DIFFERENT? T

  WHAT IS 802.1 MEANING? HOW CAN I CHOOSE ABOUT OPTION INSIDE BETWEEN 802.1WEP OR WPA ENTERPRISE? WHAT'S DIFFERENT?

  802.11 refers to a document that specifies how wireless networking works. It goes into detail about the radio signals, frequencies, signal strengths, encoding of data, etc. From a practical standpoint, the typical person really only care about a couple of things: speed and encryption.
  802.11b - describes networks that transmit 11 mbps using a 2.4 GHz radio frequency
  802.11g - describes networks that transmit 54 mbps using a 2.4 GHz radio frequency
  802.11n - describes networks that transmit up to 600 mbps using 2.4 GHz and 5 GHz frequencies
  n is faster than g which is faster than b. The speed of a network connection is limited to the slowest part (so, if you have an 'n' router, but your laptop only supports 'g', you get the 'g' speed).
  WEP, WPA, and WPA2 refer to data encryption schemes specified in parts of the 802.11 document. With Wi-Fi, you are broadcasting your network activity over a radio, and it's pretty obvious that anyone could eavesdrop on the transmission. By using cryptography, you can scramble the data being passed back and forth so that the sender and receiver still understand the messages sent, but an eavesdropper cannot.
  WEP is a very simple encryption scheme, one that the methods to decrypt the data is pretty straight-forward. It's not effective against someone that wants to intentionally eavesdrop on your activities (or access your computer) because they can use software to determine the password simply enough.
  WPA and WPA2 are improvements over WEP that make cracking the password even more difficult (WPA2 being better than WPA).
  The "enterprise" version of WPA2 refers to a variation on WPA2 that requires special security servers, security certificates, and other complicated systems most likely only applicable to a corporate or military environment. It's impractical for a home or small office.
  To connect to a wireless network, you generally don't have to worry about the encryption used since the computer will receive a notice from the wireless network about how it is setup and use the appropriate method. It's probably good for you to pay attention whether the network you are connecting to is secure or not.
  If you are setting up a network at home using a cable modem or broadband router, or even just a Wi-Fi access point, you want to set it up to use WPA2 unless you have some very old computers that only support WPA. You should avoid using WEP.

• Problems w/config AP1200 - WPA Enterprise/Local RADIUS Server

  I have been attempting to reconfigure a AP1200 in our lab environment from using static WEP keys to WPA/TKIP. I can make the solution work with WPA-PSK, but not enterprise. I believe I have everything configured correctly but cannot "validate identity" on the client. Below are the details to my configuration.
  SSID: labssid (Open authentication with EAP)
  Cipher: TKIP
  Key management: Mandatory (WPA)
  I have a Cisco ACS server but am attempting to get this running intially using the local RADIUS server on the Access Point. I have a user defined locally called "test" with a password of "test".
  I am using an IBM ThinkPad T43 with the built-in wireless (Intel PRO/Wireless 2915ABG NIC) for testing. I have the "Use Windows to configure my wireless network settings" checked so I am using the inherant Windows configuration screens. However, I have also attempted to use the IBM NIC configuration utility and receive the same failures. I have the client device configured as follows:
  1. Network authentication: WPA
  2. Data encryption: TKIP
  3. Authentication: Protected EAP (PEAP) (only option other than smartcard, cert.)
  3a. (PROPERTIES) - AuthMethod: Secured Password (EAP-MSCHAP v2)
  4. Authenticate as computer whe computer information is avail (UNCHECKED)
  5. Authenticate as guest when user or computer is unavailable (UNCHECKED)
  When I attempt to provide my test/test credientials the Access Point logs the following:
  Station 0016.6f77.9ccd Authentication failed
  When I look at the Local RADIUS server stats, for each authentication failure the following stat is recorded:
  "Unknown EAP Type"
  If I try to authenticate 5 times, there will be 5 Unknown EAP Type stats logged.
  What am I missing?

  I didn't realize the local RADIUS couldn't do PEAP. That makes sense now, as in testing I decided to point the AP at my ACS server and was able to authenticate. I'm having an issue authenticating at times because it seems the AP looses it's connection TO the ACS server. The Access Point logs the following:
  1. Station 0016.6f77.9ccd Authentication failed
  2. RADIUS server 192.168.102.82:1645,1646 has returned.
  3. RADIUS server 192.168.102.82:1645,1646 is not responding.
  The "not responding" and "returned" logs are recorded at the exact same time period. In my most recent case, it was "Aug 31 18:19:36.981". Both have that time stamp. It's as if the AP looses some heartbeat to the RADIUS server and doesn't check to see if it's alive until a certain interval. When I'm not able to authenticate, if I log into the ACS and manually "restart" the services through the GUI, I authenticate right away. I'm thinking this is an ACS issue not an AP issue, but am wondering if anyone else has ever noticed this behavior.

• Power Mac G4 won't connect to WPA Enterprise

  At the university that I work at we are updating our wireless network to use WPA Enterprise only, instead of WEP 802.1x and WPA Enterprise. The computer that I am having problems with is our test machine for writing connection documentation for the students, faculty, and staff. I can get the computer to access the network trough WEP 802.1x but not WPA Enterprise. The computer will start the connection process and then fail and not connect to the network.

  First, make sure you have at least these versions of the Airport software:
  107795- AirPort Card: When You Can Join a WPA Network
  Then read this article about set-up, including WPA Enterprise:
  107921- AirPort for Mac OS X 10.3 or later: Using different types of wireless security (WEP and WPA)
  "For a school or business, WPA Enterprise can provide each user with unique credentials. WPA Enterprise uses the same security as WPA Personal, but with the added measure of individual usernames and passwords (WPA Personal uses a shared password). Each wireless base station communicates with a RADIUS server to authenticate the user's credentials."
  "You may need the help of a network administrator to join an 802.1x network."

• Ssid access control with WPA Ent and RADIUS author

  Hi, I'd like to control the ssid requested in WPA Enterprise with RADIUS authorization: how to ?
  Is there an attribute in RADIUS IOS or Cisco Aironet ?
  thanks

  Depends on what you are using for a radius server.
  Here are some links that might help.
  http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00807917aa.shtml
  http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080921f67.shtml

• WPA Enterprise Encryption, 802.1x

  Is anyone else disappointed that the iPhone doesn't support WPA Enterprise or 802.1x encryption? At my job we use it for encrypting our wireless traffic, so my iPhone is without wifi all day! Oh sadness. Maybe in a future software update. Anyone official at Apple care to respond? Its been in OSX since 10.3! I thought this thing was running OSX?! Maybe they forgot to upgrade before they pushed out the iPhone build to these sweet little puppies.
  macbook!   Mac OS X (10.4.10)  

  Very disappointed. Please tell them so they fix it:
  http://www.apple.com/feedback/iphone.html
  Aym

• 802.1X Authentication fails when connecting to WPA Enterprise using Leopard

  I'm trying to connect to an office WiFi network with my MacBook Pro which has 10.5.1 installed.
  There are instructions on how to connect using Tiger which are very simple:
  1. Enter network name
  2. Wireless Security: WPA Enterprise
  3. Enter domain credentials for username and password fields
  4. 802.1X Configuration: Automatic
  There are at least two people here using Tiger that can connect using these instructions.
  I've tried the same thing with Leopard and keep getting an error dialog stating "802.1X Authentication has failed."
  I've also tried fiddling with the 802.1X tab under "Advanced" (I know the protocol is PEAP), but no matter what I get the same error.

  Turns out I was not authorized to use the WiFi. IT got me setup and everything works now.

• WPA-Enterprise radius through IPSEC

  Hi
  I have a WRVS4400N and I want to use WPA-Enterprise. The Radius server is accessed through IPSEC VPN. I can connect to the radius server from clients behind the WRVS4400N, but I cannot ping the radius server from the WRVS4400N itself. Is this configuration possible?
  Regards,
  Hein Gustavsen

  It is forgetting the network everytime the iPad sleeps - even when it doesn't require an unlock passwod.

• AP541N - WPA Enterprise - Failed to connect

  Hi,
  I am trying to configure an AP541N with WPA Enterprise. My RADIUS server is an MS ISA 2003 and is already working fine with other devices (I have a ASA5510 also configured to use RADIUS authentication with this server). When I try to connect, I am getting the following error message on the event log of the AP541N:
  Aug  4 18:37:36
  info
  hostapd
  wlan0: IEEE 802.11 STA 00:19:d2:9e:7a:81 deauthed from BSSID 00:21:29:01:60:e0 reason 1
  Aug  4 18:37:36
  info
  hostapd
  wlan0: STA 00:19:d2:9e:7a:81 IEEE 802.1X: Supplicant used different EAP type: 1 (Identity)
  Aug  4 18:37:36
  warn
  hostapd
  wlan0: STA 00:19:d2:9e:7a:81 IEEE 802.1X:  authentication failed - identity 'MYDOMAIN\myuser' EAP type: 0  (Unknown)
  Aug  4 18:37:36
  info
  hostapd
  The wireless client with MAC address 00:19:d2:9e:7a:81 had an authentication failure.
  Aug  4 18:37:36
  warn
  hostapd
  wlan0: STA 00:19:d2:9e:7a:81 IEEE 802.1X: could not extract EAP-Message from RADIUS message
  However, I do not see any error message on the ISA side. It actually tells me that the authentication happens fine. Any suggestion how I could troubleshoot this problem?
  Thank you in advance for your help and have a great day,
  Alex

  After investigation, I found that my ISA server was not configured properly. Here is the URL I used to configure it properly: http://technet.microsoft.com/en-us/library/cc779009(WS.10).aspx

• 10.4.2 and WPA Enterprise NOT working

  Dears,
  I have 2 machines configured in this way:
  - 10.3.9 with Airport card (no Extreme) and latest Airport drivers;
  - 10.4.2 with Airport Extreme card and latest Airport drivers;
  I try to connect to our WPA Enterprise wireless network and i got 2 different results:
  - 10.3.9 connects and works;
  - 10.4.2 returns an error, the logs show the following:
  2005-08-18 13:23:17.601 SystemUIServer[380] EAPOLControlCopyStateAndStatus failed for "en1" (err = 6)
  There was an error trying to get authentication status: 6
  com.apple.network.EAPOLController not active
  Before upgrading to 10.4.2 the same machine with 10.4.1 was able to connect to WPA Enterprise.
  I further investigated on this, seems that under 10.4.2 the folder /System/Library/SystemConfiguration/EAPOLController.bundle is empty, while under 10.4.1 it contained some files (oh yes, I have the disk image of the workstation when it had 10.4.1).
  Maybe the guru guys from Apple can see if the 10.4.2 updater deleted those files in error.. bye !

  Hi Rick,
  I did the following:
  - Re-install 10.4.2 upgrade;
  - Re-install Airport 4.2 upgrade;
  - Repair permissions;
  - Check Keychain.
  I still got those errors in the logs:
  2005-08-19 16:01:07.966 Internet Connect[280] EAPOLControlCopyStateAndStatus failed for "en1" (err = 6)
  There was an error trying to get authentication status: 6
  com.apple.network.EAPOLController not active
  2005-08-19 16:01:07.971 Internet Connect[280] EAPOLControlCopyStateAndStatus err = 6
  com.apple.network.EAPOLController not active
  Using Internet Connect I can see our wireless network, that is correctly identified as being encrypted with "WPA Enterprise" but after I entered user/password I got the following error:
  "WPA Authentication failed. There was an error trying to get authentication status: 6"
  I double checked username/password, mac address, base station configuration (Cisco AP-1131) and Radius server, are all ok (the other mac, with 10.3.9 joins our WPA network succesfully).
  I'm stuck here..

• WPA-Enterprise WIFI dropping after IOS 6 Upgrade

  We use WPA-Enterprise authentication for our WIFI and since upgrading to IOS 6 the connection needs to be reautenticated everytime the iPad is unlocked.  This is a major inconveience.  With IOS 5 you only autenticated one time and whenever you unlocked your iPad you were already connected.
  These are the required settings which IOS 6 still automatically navigates, but it doesn't maintain the login name and password (which autheticates to a RADIUS server):
  Network Authentication: WPA-Enterprise
  Data Encryption: AES or TKIP
  EAP method: PEAP
  Inner EAP method: MS-CHAP v2
  Check Use Windows user name and password
  Uncheck Validate Server certificate

  It is forgetting the network everytime the iPad sleeps - even when it doesn't require an unlock passwod.

• Annoying behaviour on WPA Enterprise wireless LAN

  I have a PB 1.67 running OS X 10.3.9 (all patches installed)
  When I connect it to our WPA Enterprise wireless LAN, I experience the following annoying behaviour.
  Authentication may be slow (sometimes 10 to 15 minutes), but connection usually succeeds.
  Then while I am actively web browsing or retrieving email, things are ok. However if I have to leave the computer for about 3 or more minutes, it seems to decide that it should no longer be on the network and I have to disconnect and then reconnect.
  No send/rec errors show up in the info tab of network utility. IP address is there, status is active and the link is reported as 54Mb. It appears that my machine is not interested in participating on the network until it has been reconnected.
  Does anybody have any ideas on how to track down what might be happening?
  Thanks in advance.

  A follow up:
  I have observed that when I am this non-working state, my 802.1x authentication status shows idle.
  Is there a way that I can trace what is happening at the 802.1x layer?

• WPA Enterprise Not working in MAC

  I have install the Cisco 1131 ap with acs 5.0
  I have configured AP with WPA with Radius Authenticationable
  All Windows 7 & XP user connected
  MAC user is not connected
  there are two option wpa enterprise & wpa2 enterprise

  hello
  on your ACS 5 access policy for wireless, check that EAP-GTC is allowed under "allow PEAP" in the "allowed protocols" section.
  hth
  andy

• WVC210 and WPA-enterprise

  I bought a WVC210 and want to configure it with WPA Enterprise. Regarding to http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6918/ps9692/ps9944/ps9948/data_sheet_c78-504108.pdf it should be an option, but it isn't in the admin config pages. I've tried updating the firmware (1.0.0).
  Why doesn't it work? Any help is appricated

  Hi!
  The firmware is now out and I have the options in the web interface! But, I can't get it to work. We have Cisco Aironet APs with WAP-EAP against a MS IAS (via RADIUS) with certificates configured. I've tried to upload the certificate to the cam but it doesn't work. The webinterface doesn't offer much help. Is there any guide or something like that?
  Thank you!
  Andreas

• WPA-Enterprise: WRT54GL or WAP54G or...?

  Hi!
  I'm planning to implement a WPA-Enterprise network with WPA encryption and 802.1x authentification through a FreeRADIUS server.
  It's a requirement that all clients recieve their IP from our central DHCP server.
  I'm considering both a WAP54G AP and a WRT54GL (since it's very versatilie with option for 3rd party linux OS and the difference in price is minimal) for this setup, although I'm open to other suggestions.
  Anyone have experience in setting up a WPA-Enterprise and FreeRADIUS network, who've perhaps experienced either success or problems with it?
  In regard to the WRT54GL I obviously need to disable the builtin DHCP server, but is it possible to achieve the DHCP passthrough while maintaining a IP on the router's WAN port for remote administration?
  Kindly,
  Thomas

  Thanks for that info - I was thinking we had to plug the WAN cable into a LAN port, which I feared might screw around with the connection to the 802.1x authentication service.
  Additional question:
  Anyone know if roaming between AP's works (flawlessly?) when you're authenticated through 802.1x?