Re: 802.1X help needed
- From: "Andy" <ajj3085@xxxxxxxxxxxx>
- Date: 27 Nov 2006 03:49:52 -0800
Owen wrote:
> Hi, Andy.
> I'm the author of the documents you are using. Let me make sure I understand
> your network configuration:
> - - - - -
> Cable Modem ->
> LinkSys RTP300 (DHCP disabled) ->
> D-Link DWL-900AP+ rev B
> SBS2003 (1-NIC config)
> Wired Desktop #1
> Wired Desktop #2
> Wireless Laptop
> - - - - -
> (This is essentially the "Sample 1-NIC" diagram in the Appendix.)

Yes, that's correct.

> I have not used the DWL-900AP+ (any version) so I took a quick look at the rev
> B User Manual posted on D-Link's web site. Frankly, there's nothing in the
> manual which clearly states this WAP supports 802.1x. It may just be a poor
> manual but that would be a _major_ omission if true. Have you found menus on
> the WAP where you can specify RADIUS settings? There should be a dynamic rekey
> interval setting as well.

It wouldn't surprise me. D-Link documents rarely contain all the major
feature explanations in their manuals. At any rate, there's an 802.1X
tab under the Advanced tab, and there are two fields to specify RADIUS
servers.

> As you probably know, this is an older device (the latest firmware dates to
> 2003) and, as you note, it only supports WEP. As my document says, WEP is
> supported but it's not recommended nowadays because it's so easy to crack. The
> DWL-900AP+ is also 802.11b and limited to 11Mbps transmission speed. (There
> appears to be a proprietary 22Mbps setting, but I don't recommend using
> non-standard settings with secure wireless.) IMO, you should seriously consider
> replacing the DWL-900AP+ with a more capable device.

I'm in the process of replacing, but until then I would like to attempt
to have some good authentication.

> Having said that, if you want to continue diagnosing this using WEP you will
> need to provide the specific GPO settings you used. (My docs recommend using
> WPA and only provide those settings.) By the way, unlinking the GPO probably
> did not have any effect since the settings and certificate had already been
> pushed out to the laptop. You can check the settings by bringing up Network
> Properties on the laptop and examining the wireless configuration.

I followed the documentation, but instead of choosing WPA in creating
the Wireless LAN GPO object, I selected WEP. I'll check the policy,
although it is working now without the 802.1X.

> I do recommend giving the WAP a static IP although a DHCP reservation should
> work. (I have never done that, though.) Have you verified the WAP is actually
> using the assigned IP? If not - AND if it really supports RADIUS - that's a
> problem because Internet Authentication Service will be trying to communicate
> with the WAP on the IP you specified.

Yes, I can connect to the WAP's web admin interface over the DHCP
assigned IP address.

> If I am correct that the DWL-900AP+ does _not_ support 802.1x, you may actually
> be using a pre-shared key version of WEP (static WEP). That would be REALLY
> insecure.

I think that's correct; I have to type the same key into all the
clients. I realize it's not the most secure, because it is so old, but
at the moment it's the best I have. I had a replacement, but it has
proven defective, so now I'm in the process of returning it, having to
wait for a replacement, etc., which can take a while.

Andy