Wireless- RADIUS, EAP_TLS worth it?

Sone · 27 Jul 2006 at 15:54

Got the wireless setup here to use RADIUS and PEAP. Is it worth setting up certificates and using EAP?

Also a n00b wireless connection, i have 6 access points dotted around is it best to have the same ssid or each to be different ? (currently different but i thought having the same may stop confusion)

bitslice · 31 Jul 2006 at 16:59

Q2
using the same SSID makes roaming easier,

but then XP will only report the one SSID, so users might end up connecting to one which isn't actually the closest to them but happened to have the best signal at the time.

I left all mine the same, but then I don't need roaming.

Q1
have no direct experience of EAP,
so no point me gobbing off for the sake of it

would imagine the maintenance of certificates is a pain ?

growse · 31 Jul 2006 at 18:08

EAP can be done on an MD5 challange I think, no need for certs then. Also, think you can get LEAP to auth against a windows AD...

bitslice · 1 Aug 2006 at 12:59

happened to see this post elsewhere....

"EAP via radius with certs for the users Using 1100's.
Only two downsides. They have to authenticate once via hard wire to grab the cert. And two when they walk from one AP to another AP there is a tiny bit of drop time as they reauthenticate with the new AP.
The MS white paper http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/ed80211.mspx
"

hth

Chief Wiggum · 1 Aug 2006 at 13:22

bitslice said:
happened to see this post elsewhere....

"EAP via radius with certs for the users Using 1100's.
Only two downsides. They have to authenticate once via hard wire to grab the cert. And two when they walk from one AP to another AP there is a tiny bit of drop time as they reauthenticate with the new AP.
The MS white paper http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/ed80211.mspx
"

hth

Actually, if you're using Cisco Kit, you can set the system up to be a WDS (Wireless Domain Service) You set one up as the master and the rest authenticate against the master. During a session you authenticate once, ap's relay the request to the master which authenticates agains the Radius Server or locally - depending how you set the connection up.

When you roam from one ap to the next you don't get dropped. You actually loose available bandwidth.

I know this because I recently deployed the solution. You see a 54g connection drop to approx 18mbps and sometimes as low as 2mbps.

Link to Cisco Page

Kev