Re: Wireless AP wants Radius Server, advice?

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Stuart Mackie [MCP, MSP] (newsgroups_at_--REMOVE_THIS-NO_SPAM--stu.uk.com)
Date: 01/12/05 

Date: Wed, 12 Jan 2005 01:07:43 -0000

Hi Gary. Yes you can use IAS for Radius, and as you've said it would be
more efficient to use IAS since you wouldn't have to reproduce all you users
accounts on the Dlink AP. The first link below has a basic run through of
configuring IAS as a Radius Server for Wireless clients. The second link is
an MS document which has a full explanation on creating a secure wireless
environment using ISA on Win2k3 (test lab example) [second link is best]

http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_ias_depl_wap.asp

http://wireless.dweezle.org/Docs/IAS2003config.pdf

What are you planning on using for authentication e.g. PEAP, EAP-TTLS etc ? 

--
Hth,
Stuart Mackie [MCP, MSP]
www.stu.uk.com
"Gary V." <GaryV@discussions.microsoft.com> wrote in message
news:90F32484-7E94-417B-A6DE-A35CDE50134D@microsoft.com...
> Got some questions. Our SBS 2003 server is in our warehouse. I'm putting
> some
> wireless AP in the rafters to cover the warehouse and some mobile
> terminals.
> Reading through the AP's manual they recommend for the best security, WPA
> with Radius CCMP (AES) and TKIP. The AP (Dlink DWL-2210AP) has an onboard
> Radius server but that would require me to add users to the AP, I don't
> want
> to have to do that. However you can also specify the ip address of your
> Radius server. My question, does/is SBS 2003 Prem a Radius server? Does
> IAS
> (Not ISA) count as a Radius server? There is also a WPA-PSK that is the
> 2nd
> recommendation for security on the wireless network, but they recommend
> using
> the built in Radius server over the PSK option. Thanks for any input or
> any
> setups that you all have used for security on a wireless network.
>
> PS. I would rather have it all be wired but they do want the mobility
>
> Thanks Gary V.

Relevant Pages

  • Re: Security. WPA?/-TKIP /-CCMP
    ... > pieces of the puzzle that must be correct or you have a security hole. ... > designated "key manager", do try to get a RADIUS server, where ... open wireless network with VPN clients is an option, ... > A VPN tunnel may be secure but it's also a major performance hit. ...
    (alt.internet.wireless)
  • RE: IAS as a RADIUS server
    ... I've been using IAS in a fairly large deployment here (about 10 production ... RADIUS is a pretty secure protocol itself, so as far as security I'd ... I am in the process on implanting a RADIUS server to authenticate users ...
    (Focus-Microsoft)
  • Re: Wireless AP wants Radius Server, advice?
    ... > configuring IAS as a Radius Server for Wireless clients. ... >> Reading through the AP's manual they recommend for the best security, ...
    (microsoft.public.windows.server.sbs)
  • RE: IAS as a RADIUS server
    ... with IAS you could go one further and encrypt the radius ports ... IAS as a RADIUS server ... RADIUS is a pretty secure protocol itself, so as far as security I'd ... Your network firewall and IDS products do not prevent Web application ...
    (Focus-Microsoft)
  • Re: Do not use Active Directory
    ... To turn on logging for IAS, use "netsh ras set tr * en" at the command ... I created a new user in the server and configured my cisco router to ... > call the radius server for authentification. ...
    (microsoft.public.internet.radius)