No announcement yet.

Best practice in a wireless enterprise LAN

  • Filter
  • Time
  • Show
Clear All
new posts

  • Best practice in a wireless enterprise LAN

    Till now, I didn't care so much about wireless security, just use a WPA TKIP combination. Last week I buy for my company a Cisco Aironet access point and I discover the "enterprise security" for wireless networks. The problem is that in configuration web page I found a lot of combination of encryption, different EAP technology, words about radius server etc. The question is what is the best practice to secure the wireless lan much more then wpa tkip solution.
    PS : excuse my bad English.

  • #2
    Re: Best practice in a wireless enterprise LAN

    WPA TKIP is ok, but try to use WPA AES which is better.

    To use the RADIUS Server option, you will have to setup a server to act as a RADIUS server. The RADIUS server is then used to authenticate every wireless client connecting to network. Kinda like logging into a domain. Further info in link below:

    Using the RADIUS server would be an added option on top of your WPA encryption, so would make your network even more secure.


    • #3
      Re: Best practice in a wireless enterprise LAN

      I have been using WPA, which, once authorised would give the client internet access through my router, but in order to get into the LAN the client had to run the checkpoint VPN client to authenticate to the firewall and radius
      Herbalaire vaporizers
      Last edited by DYasny; 6th March 2011, 18:56.
      Real stupidity always beats Artificial Intelligence (c) Terry Pratchett

      BA (BM), RHCE, MCSE, DCSE, Linux+, Network+


      • #4
        Re: Best practice in a wireless enterprise LAN

        I managed to install the IAS on a Win2k3 server. Today I hope I'll have time to test the EAP authenticating process. After this I will try to make 2 different SSID : one for local and Internet access and the second one for guests, to have only internet connection. For encryption I will use WPA2 compatibility mode because I still have some mobile devices that "knows" only WPA. As soon as I will have some news I will let you know the status of this project. Thanks for you help.

        Later edit : I tested the authentication process and everything worked fine. Now I'm using EAP for authentication and AES for encryption (in compatibility mode - AES or TKIP)
        Last edited by cielo; 19th June 2008, 04:25.