Access Point

I am using EAP-TLS, and I know that it requires an 802.1x compliant access point.
I am using a LinkSys WAP55AG access point which supports 802.11a/b/g, and surprisingly it is working with EAP-TLS.

Here is the config:

On AP:
RADIUS/TKIP enabled and RADIUS points to Microsoft IAS server.
IAS Server:
Configure to use Server Certificate and EAP-TLS protocol. Remote Access Policies NAS-PORT 802.11 and other, Windows-Group as well.
CA Authority:
Configure to auto distribute user certificates based on group membership.
Client side:
Set up a wireless profile using Windows: Use WPA and TKIP. Under Authentication tab: use Smartcard or other authentication, and enable Validate Server Certificate.

With this configuration, the client will be able to connect only if the user certificate and server certificate are validated on both ends (Server and Client).
It seems like it is working even though that Access Point doesn't support 802.1x.

I am not sure if it is as secure as the one that supports 802.1x. Any ideas why it is working and how secure is this?

Regards,
Jay

The WPA-PSK authentication mode uses a passphrase (basically a string of characters) to perform authentication and to create the source material (keys) to encrypt the session. The WPA authentication uses 802.1x to perform authentication. The key source material is derived from the successful 802.1x authentication.

If the access point is configured for WPA and not WPA-PSK, it is completing a full 802.1x authentication to encrypt your session. The 802.1x authentication works in conjunction with the WPA security specification and this authentication mode would be unable to work without it.

To answer your original question, it is more secure to use your configuration than plain-jane 802.1x over a WEP secured session.

I hope this reply helps answer your concerns.

--
Jerry Peterson
Windows Network Services - Wireless
This posting is provided "AS IS" with no warranties, and confers no rights.