1. Home
  2. Wireless Networking
  3. ? Info on secure enterprise 250+ user WLAN required.

? Info on secure enterprise 250+ user WLAN required.

Win2003 Server has IAS, Internet Authentication Service (Radius) but for 250+ users i think you will need the Enterprise Edition. Search the Microsoft web site for IAS for more info.

802.11i (WPAv2)
formatting link
with 802.1x and using EAP protocol and a strong authentication method such as PEAP (server side certificate and username,password) or EAP-TLS (server and client certificates) or Funks EAP-TTLS along with Radius is the latest security for wireless. Or some people prefer to still use VPN.

You will need to make some decisions on the type of Access point, Smart or Thin. Smart access points usually have all the config info within and are typically managed individually. Thin are basically a radios connected to a switch, and everything is managed from the switch. the type you choose may depend on how many APs you expect to have (manageability)

It would be very hard to give any real world coverage without doing a site survey or the building. Different buildings have various RF propagation characteristics. Other things like bandwidth requirements of the users and rather roaming is necessary throughout the building come into play.

wireless

My suggestion would be to visit some sites like cisco, symbol, proxim etc and read the success stories, white papers etc and arm yourself with knowledge.

Reply to
Airhead
Loading thread data ...

I need to read up on WLAN configuration, security and authentication to a Windows 2003 domain for around 250+ users. Info on real world coverage to laptops with integrated WiFi in a curved Victorian 4 storey building would be useful too.

I'm aware of the weak security that most kit is configured for out of the box and the problems it can bring.

Anyone have any useful internet references?

I've looked at

formatting link
formatting link
My aim is to convince a very conservative network manager that wireless doesn't have to be insecure if properly implemented.

Cheers!

Paul

Reply to
MW0CDO

Reply to
Peter Pan

Thanks very much for the information.

I thought that Win 2003 had IAS built in. The version installed is very likely to be Enterprise, as it already authenticates 7000+ users.

It looks possible to have no VPN, relying on EAP-TTLS to secure the link instead.

I will look at the manufacturers' sites that you mention as well. Did try looking on Intel earlier, but large parts of the site appeared to be down.

Cheers!

Paul.

Reply to
MW0CDO

I'm not discounting VPN at all, just hypothesising.

As it happens, I discovered today that there are almost no free IP addresses left in the allocated block.

Anyway, many thanks to all for the suggestions. I spent yesterday reading up on them.

The persuasion with ammunition has worked, the network manager has given us the go-ahead. Not sure how he EVER got to be net manager, he didn't appear to know all that much about networks or the newer technologies. Also discovered that the copper desktop links are still 10Mbps, as are all the switches. Hopefully, all of this will change once we start the building refurbishment.

Thanks everyone for the help.

Paul.

Reply to
MW0CDO

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.