

Acuity

join:2002-06-22
Londonderry, NH

[Enterprise] Wireless Security Setup

I'm in an environment with roughly 500 clients at several locations, all managed by Ruckus WLAN controllers. Several users frequently go in between locations. I'm looking to set up FreeRADIUS to manage the authentication process so that all of the sites can be centrally managed.

MAC authentication is weak, but it keeps users honest. By this I mean that it prevents users from bringing their own devices in the workplace (there are policies against this). But on the flip side, any hacker could find their way in. 802.1x EAP + MAC Address does a little better at protecting data traveling on the network, and is probably a better option.

WPA is good for security, but not so good for security. There are a lot of users, and the password would need to be saved on every device. All it takes is a little Googling and then one user knows the password, followed by all users knowing the password and bringing private devices on network. This would be a hassle to change, since it would affect everyone.

See where I'm going here? I need a happy medium. If only there was a way to use LDAP + MAC authentication on RADIUS I'd be all set. Users would need to type in their own LDAP passwords and RADIUS would keep their rogue devices off the network.

Any suggestions? Currently I have a very basic FreeRADIUS setup where I've bounced back and forth with captive portal / web authentication and MAC Address authentication isolated to play around with. Both work, but neither is exactly what I'm looking for.


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL

1 recommendation

I'm not an expert here. However ...

You should be able to find a quality access point device that can configure a RADIUS server. With that, you should be able to use WPA or WPA2, where users authenticate with their own passwords.
--
AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 12.2; firefox 17.0


phantasm11b
Premium
join:2007-11-02
reply to Acuity
I don't know anything about Ruckus WLAN controllers, however, I use WPA2 Enterprise and my users authenticate with their AD credentials. Not sure what the rest of your infrastructure looks like though.
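
One way to get the combination asked for in the first post (per-user 802.1X credentials plus a device allow-list) is to gate EAP on the client MAC inside FreeRADIUS. This is an added example, not configuration from any poster in this thread. It assumes a FreeRADIUS 3.x default `raddb` layout; the instance name `authorized_macs`, its file path and the sample MAC are choices made for this example.

```conf
# --- raddb/mods-enabled/authorized_macs (new file; instance name is this example's choice) ---
files authorized_macs {
    # Look entries up by the client MAC the access point reports,
    # instead of by User-Name.
    key = "%{Calling-Station-Id}"
    filename = ${confdir}/authorized_macs
}

# --- raddb/authorized_macs (constructed sample entry) ---
# One entry per approved device, written in the upper-case, dash-separated
# form that rewrite_calling_station_id produces. No reply attributes are
# needed: the match itself is the signal used below.
00-11-22-33-44-55
        Fall-Through = No

# --- raddb/sites-enabled/default ---
authorize {
    preprocess

    # Normalise the MAC so colon-, dash- and unseparated forms sent by
    # different access points all compare against one canonical form.
    rewrite_calling_station_id

    # The files module returns "ok" on a match and "noop" otherwise.
    authorized_macs
    if (!ok) {
        # Unknown device: refuse before any credentials are exchanged.
        reject
    }

    # Known device: continue with 802.1X. The user's own password is
    # still verified by whatever backend the EAP inner tunnel already
    # uses (assumed here to be the LDAP or AD setup discussed above).
    eap
}
```

Because `Calling-Station-Id` is reported by the client, the allow-list only enforces the device policy; the EAP exchange remains the actual authentication.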