
Securing WLAN

 
Amit Dixit_2
Regular Advisor

Securing WLAN

Hi,
I want to configure my WLAN, which has Cisco 1100 Series APs, such that when a user walks into my WLAN they are authenticated by username and password and, if possible, also by MAC address.

I don't want to buy any costly hardware or software for this. Is it possible to have this solution on a WIN2K or Linux server?

If on WIN 2000 Server, I don't want to use ADS, as it asks that the computer should first be joined to that domain.

Thanks,
Amit
3 REPLIES
Erwin Ratuita_1
Occasional Advisor

Re: Securing WLAN

Upgrade your router firmware, if you have a Linksys WRT54G.

Try to download the latest WRT54G firmware. There are a few compatibility issues indeed:
ftp://ftp.linksys.com/pub/network/
Get wrt54g_1.01.4_012903_us_code.exe and wrt54g_1.01.4_013103_us.zip

Then update your operating system.

Then you can use WPA-PSK under wireless security.

Hope that helps...
Ernest Ford
Trusted Contributor

Re: Securing WLAN

One way to achieve your specified requirement is to connect the AP to a separate network segment connected to its own LAN adapter in your server.

Instead of using DHCP you can configure BOOTP, which requires you to create a list of MAC addresses and the IP addresses to be assigned accordingly - kind of like DHCP reservations but more secure.

You could probably get creative and have users whose MAC addresses are not in the list assigned addresses from a specific pool and then directed to a default webpage that would give them directions on how to contact you to get access.

You would then have the users authenticate to the server (using RAS) before they will be permitted to connect through it to the main network segment. This of course would be on a separate LAN adapter.
Shane_33
Frequent Advisor

Re: Securing WLAN

I would recommend utilising the 802.1x authentication mechanism. It has the benefit of being standards based and is also supported by most current operating systems (Windows XP has it built-in).

When the wireless LAN is detected by the client, the access point (AP) requests 802.1x authentication - the user (not the machine - important distinction) needs to supply username/password or smartcard logon to proceed. The AP then bounces the request off your RADIUS server, which contains access rights per user.

If the user is authenticated they are allowed on; if not, you can either drop them (no access) or put them on a "guest" VLAN - your choice and dependent on how you set up your wired network.

If you want to really tie it down, then authenticate the client device/machine too, by something such as MAC authentication. Using the two together (802.1x and MAC Auth) you can be assured that both the "machine" and the "user" are both allowed on your wireless network.

Regards,
Shane.
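
The combined check described in the last reply (802.1x user authentication plus a MAC allowlist, with an optional guest VLAN), sketched as an added example that is not part of any post in this thread. The MAC list and VLAN numbers are constructed, the EAP exchange is reduced to a boolean, and because a client can change its MAC address the allowlist is used only as a second check alongside 802.1x.

```python
import re

# Constructed sample data (assumptions, not taken from the thread).
ALLOWED_MACS = {"001122aabbcc", "0011223344ff"}
STAFF_VLAN, GUEST_VLAN = "20", "99"


def normalize_mac(calling_station_id):
    """Reduce a Calling-Station-Id to 12 lowercase hex digits, or None if malformed.

    APs report the client MAC in several layouts (00-11-22-AA-BB-CC,
    0011.22aa.bbcc, 00:11:22:aa:bb:cc), so compare only the normalized form.
    """
    digits = re.sub(r"[-:.\s]", "", calling_station_id).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def vlan_attributes(vlan_id):
    """RFC 3580 tunnel attributes a RADIUS server returns to assign a VLAN."""
    return {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802",
            "Tunnel-Private-Group-ID": vlan_id}


def decide(user_authenticated, calling_station_id, guest_vlan_enabled=True):
    """Combine the 802.1x result with the MAC allowlist.

    user_authenticated stands for the outcome of the EAP exchange, which this
    sketch does not model. Full access needs both checks to pass.
    """
    mac = normalize_mac(calling_station_id)
    mac_ok = mac is not None and mac in ALLOWED_MACS
    if user_authenticated and mac_ok:
        return ("Access-Accept", vlan_attributes(STAFF_VLAN))
    # Failed user or unknown machine: guest VLAN if enabled, otherwise no access.
    if guest_vlan_enabled and mac is not None:
        return ("Access-Accept", vlan_attributes(GUEST_VLAN))
    return ("Access-Reject", {})


if __name__ == "__main__":
    # Constructed requests: (EAP result, Calling-Station-Id as sent by the AP).
    for ok, mac in [(True, "00-11-22-AA-BB-CC"), (True, "de:ad:be:ef:00:01"),
                    (False, "0011.22aa.bbcc"), (True, "not-a-mac")]:
        print(ok, mac, decide(ok, mac))
```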