Wireless Infrastructure

11:47 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

RADIUS Is The Secure WLAN’s Best Friend

When the topic of high-quality wireless networking comes up, its trendy to bandy about notions of blazing throughput and Star Trek-sounding features like "beam forming" and "band steering." But before a client gets to benefit from the growing magic built into the contemporary wireless network, it probably needs to be scrutinized under the lens of “triple A”: authentication, authorization and accounting. This is where the often unsung hero called RADIUS comes in.

RADIUS servers can be expensive or open source and can come as appliances or be virtualized. Not all servers support every EAP type. As for EAP type, organizational security policy and client device demographics go a long way toward driving what you go with. For my “half-Windows, half-Mac” wireless environment, I ended up going with Cisco Secure ACS server, and supplicants native to each OS running Protected EAP (PEAP) with MS-CHAPv2, using WPA2/AES for security, but there are handful of other "typical" combinations.

We use an amazing utility from a company called Cloudpath to automatically configure supplicants (this can be thorny), and I’m proud to say that a few years ago my team was able to rapidly roll out a very large, secure wireless network based on RADIUS with minimal pain. Thousands of users on a dizzying range of client devices connect to our secure WLAN daily without a second thought, while other environments trying to do the same are plagued with frustrations.

As we evolve our RADIUS environment (new security certificates, ditching the appliances and taking the application into our ESX environment), I continue to be impressed that we can use information in our Active Directory to steer wireless users to different networks from the same SSID, and can automate as many other nuanced policy enforcements with RADIUS as we can dream up. Yes, sexy new access points are easy to get excited about, and high data rates generate buzz, but RADIUS is just as cool. Think of it as one of the wizards behind the curtain--at your beckoning once you know how to talk to it. Lee is a Network Engineer and Wireless Technical Lead for a large private university. He also teaches classes on networking, wireless network administrtaion, and wireless security. Lee's technical background includes 10 years in the US Air Force as an Electronc Warfare ... View Full Bio

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Audio Interviews
Archived Audio Interviews
This radio show will provide listeners with guidance from Dell Storage experts, who can help you explore ways to simplify workload management while achieving a balance of price and performance.
Slideshows
White Papers
Register for Network Computing Newsletters
Current Issue
Video
Twitter Feed
Cartoon