Secure Wireless for non-public network, Windows Server 2003 R2, Linksys APs

Here is the scenario. Right now this is on my test network.

Windows Server 2003 R2 running a native AD domain. A Linksys WAP54G ver. 3 access point. I need a secure wireless network. I need all traffic encrypted as well as restricting access ONLY to those with a domain login (and possibly restricting only to known MAC addresses).

I'm assuming that I'll be using a RADIUS server of some sort. I have IAS running on the 2003R2 box, as well as cert services.

What type of authentication do I need to enable on the AP, and how do I set it up on the domain? I've established a shared secret and all of that business, but I'd kind of like to start from scratch and hear some of your ideas and suggestions.

If I should just go with some 3rd party software, that is fine to suggest as well. I'd like to stay away from buying Cisco equipment or software, simply because of budgetary constraints. Linksys is cheap, and I think in the end, it can provide everything we need.

Thanks,
Brandon Riffel


Hi, I think that an issue like this is a little beyond the scope of a newsgroup. There is a lot of info pertaining to issues like this in Microsoft's TechNet. Example,

formatting link
further the site and you would be able to gather an adequate solution. Jack (MVP-Networking).


snipped-for-privacy@hotmail.com hath wroth:

You might find the WAP54G v3.0 to be a bit too crude. Its major failings are a tendency to hang and an inability to handle more than about 10 simultaneous connections.

IAS Server 2004 includes RADIUS services. For example:

etc... Set up your access point for WPA-RADIUS and/or WPA-ENTERPRISE (same thing) and point to the ISA server.

See above URL for instructions on how to set up RADIUS.

Wrong. RADIUS is a replacement for the system wide wireless shared key. For each session, a new and unique encryption key is issued by the RADIUS server to both the access point and client. This is the prime advantage of RADIUS... there is no shared key.

There are 3rd party RADIUS servers and online authentication services available, but your Win2003r2 server has everything you need. Since you like Linksys, they also provide such an online authentication service:

Methinks you're making a mistake. If you find Cisco to be overly expensive, perhaps something in the middle like 3Com or Sonicwall might be more affordable. Cheap security is an oxymoron.

Jeff Liebermann
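
The contrast drawn in the post above between a system-wide shared key and per-session RADIUS keying, as an added Python sketch that is not part of the original thread. It uses the standard 802.11i key derivation (PBKDF2 for WPA-Personal, first 32 bytes of the EAP MSK for WPA-Enterprise, then the pairwise PRF); the passphrase, SSID, MAC addresses and the random bytes standing in for a real EAP exchange are constructed assumptions.

```python
import hashlib
import hmac
import os

def prf(key: bytes, label: bytes, data: bytes, n_bytes: int) -> bytes:
    """802.11i PRF: HMAC-SHA1 over label || 0x00 || data || counter, concatenated."""
    out, counter = b"", 0
    while len(out) < n_bytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:n_bytes]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce, n_bytes=64):
    """Pairwise Transient Key from the 4-way handshake inputs (64 bytes for TKIP)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, n_bytes)

def psk_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA-Personal: the PMK is a fixed function of passphrase and SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def eap_pmk(msk: bytes) -> bytes:
    """WPA-Enterprise: the PMK is the first 32 bytes of that login's EAP MSK."""
    return msk[:32]

def session_pmks(mode: str, n: int = 2) -> list:
    """PMK that each of n clients ends up with (constructed inputs).

    Assumption: os.urandom(64) stands in for the MSK a real EAP method
    (PEAP, EAP-TLS) would produce for each authentication.
    """
    if mode == "psk":
        return [psk_pmk("constructed-passphrase", "TestNet") for _ in range(n)]
    return [eap_pmk(os.urandom(64)) for _ in range(n)]

if __name__ == "__main__":
    ap, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    anonce, snonce = os.urandom(32), os.urandom(32)
    for mode in ("psk", "eap"):
        pmks = session_pmks(mode)
        ptk = derive_ptk(pmks[0], ap, sta, anonce, snonce)
        print(mode, "PMKs identical across clients:", pmks[0] == pmks[1],
              "| PTK bytes:", len(ptk))
```

The MAC addresses and nonces that feed `derive_ptk` travel unencrypted during the handshake, so the PMK is the only secret input: identical for every client under a passphrase, different for every login under 802.1X.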

On 19 Jan 2007 07:35:56 -0800, snipped-for-privacy@hotmail.com wrote in :

Are you talking wireless client to wireless client security, or only wireless to the outside world security?

MAC filtering is easily spoofed and thus a waste of time.

Consider running DD-WRT firmware on an appropriate Linksys box (not the [ugh] WAP54G).

John Navas
