Access Point

jay

Archived from groups: microsoft.public.windows.networking.wireless

Hi,

I am using EAP-TLS, and I know that it requires an 802.1x compliant access
point.
I am using a LinkSys WAP55AG access point which supports 802.11a/b/g, and
surprisingly it is working with EAP-TLS.

Here is the config:

On AP:
RADIUS/TKIP enabled and RADIUS points to Microsoft IAS server.
IAS Server:
Configure to use Server Certificate and EAP-TLS protocol. Remote Access
Policies NAS-PORT 802.11 and other, Windows-Group as well.
CA Authority:
Configure to auto distribute user certificates based on group membership.
Client side:
Set up a wireless profile using windows: Use WPA and TKIP. Under
Authentication tab: use Smartcard or other authentication, and enable
Validate Server Certificate.

With this configuration, the client will be able to connect only if the user
certificate and server certificate are validated on both ends (server and client).
It seems like it is working even though the Access Point doesn't support
802.1x.

I am not sure if it is as secure as the one that supports 802.1x. Any
ideas why it is working and how secure is this?

Regards,
Jay

Guest
Archived from groups: microsoft.public.windows.networking.wireless

The WPA-PSK authentication mode uses a passphrase (basically a string of
characters) to perform authentication and to create the source material
(keys) to encrypt the session.

The WPA authentication uses 802.1x to perform authentication. The key
source material is derived from the successful 802.1x authentication. If
the access point is configured for WPA and not WPA-PSK, it is completing a
full 802.1x authentication to encrypt your session. The 802.1x
authentication works in conjunction with the WPA security specification and
this authentication mode would be unable to work without it.

To answer your original question, it is more secure to use your
configuration than plain-jane 802.1x over a WEP secured session.

I hope this reply helps answer your concerns.

--
Jerry Peterson
Windows Network Services - Wireless

This posting is provided "AS IS" with no warranties, and confers no rights.
"Jay" <Jay@discussions.microsoft.com> wrote in message
news:452FAE19-9F64-41AD-AA8D-1CBB65E10289@microsoft.com...
> Hi,
>
> I am using EAP-TLS, and I know that it requires an 802.1x compliant access
> point.
> I am using a LinkSys WAP55AG access point which supports 802.11a/b/g, and
> surprisingly it is working with EAP-TLS.
>
> Here is the config:
>
> On AP:
> RADIUS/TKIP enabled and RADIUS points to Microsoft IAS server.
> IAS Server:
> Configure to use Server Certificate and EAP-TLS protocol. Remote Access
> Policies NAS-PORT 802.11 and other, Windows-Group as well.
> CA Authority:
> Configure to auto distribute user certificates based on group membership.
> Client side:
> Set up a wireless profile using windows: Use WPA and TKIP. Under
> Authentication tab: use Smartcard or other authentication, and enable
> Validate Server Certificate.
>
> With this configuration, the client will be able to connect only if the user
> certificate and server certificate are validated on both ends (server and
> client).
> It seems like it is working even though the Access Point doesn't
> support
> 802.1x.
>
> I am not sure if it is as secure as the one that supports 802.1x. Any
> ideas why it is working and how secure is this?
>
> Regards,
> Jay
>
>
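
Added example, not part of the original posts: a Python sketch of the key-source difference the reply describes, where WPA-PSK derives the pairwise master key (PMK) from the passphrase and SSID, and WPA with 802.1x takes it from the key material exported by the EAP method. The SSID, passphrase, MAC addresses and the random stand-in for the EAP-TLS key are constructed values, and the function names are hypothetical.

```python
import hashlib
import hmac
import os

def psk_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def eap_pmk(msk: bytes) -> bytes:
    """WPA with 802.1x: PMK = first 32 bytes of the 64-byte MSK from the EAP method."""
    if len(msk) < 64:
        raise ValueError("MSK must be at least 64 bytes")
    return msk[:32]

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: concatenated HMAC-SHA1 blocks with a one-byte counter."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]

def ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """512-bit pairwise transient key (TKIP) from the PMK, both MACs and both nonces."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 64)

if __name__ == "__main__":
    # Constructed sample values for illustration only.
    ap_mac = bytes.fromhex("020000000001")
    sta_a, sta_b = bytes.fromhex("0200000000aa"), bytes.fromhex("0200000000bb")

    # PSK mode: every station that knows the passphrase computes the same PMK.
    shared = psk_pmk("password", "IEEE")
    print("PSK PMK (all stations):", shared.hex())

    # 802.1x mode: each successful EAP-TLS run exports fresh key material.
    # os.urandom stands in for the MSK that a real EAP-TLS handshake produces.
    pmk_a, pmk_b = eap_pmk(os.urandom(64)), eap_pmk(os.urandom(64))
    print("802.1x PMK station A: ", pmk_a.hex())
    print("802.1x PMK station B: ", pmk_b.hex())

    # Either way, session keys come from the PMK plus handshake nonces.
    an, sn = os.urandom(32), os.urandom(32)
    print("PTK A:", ptk(pmk_a, ap_mac, sta_a, an, sn).hex())
    print("PTK B:", ptk(pmk_b, ap_mac, sta_b, an, sn).hex())
```
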