RADIUS Is The Secure WLAN’s Best Friend

When the topic of high-quality wireless networking comes up, it's trendy to bandy about notions of blazing throughput and Star Trek-sounding features like "beam forming" and "band steering." But before a client gets to benefit from the growing magic built into the contemporary wireless network, it probably needs to be scrutinized under the lens of “triple A”: authentication, authorization and accounting. This is where the often unsung hero called RADIUS comes in.

RADIUS servers can be expensive or open source and can come as appliances or be virtualized. Not all servers support every EAP type. As for EAP type, organizational security policy and client device demographics go a long way toward driving what you go with. For my “half-Windows, half-Mac” wireless environment, I ended up going with Cisco Secure ACS server, and supplicants native to each OS running Protected EAP (PEAP) with MS-CHAPv2, using WPA2/AES for security, but there are a handful of other "typical" combinations.

We use an amazing utility from a company called Cloudpath to automatically configure supplicants (this can be thorny), and I’m proud to say that a few years ago my team was able to rapidly roll out a very large, secure wireless network based on RADIUS with minimal pain. Thousands of users on a dizzying range of client devices connect to our secure WLAN daily without a second thought, while other environments trying to do the same are plagued with frustrations.

As we evolve our RADIUS environment (new security certificates, ditching the appliances and taking the application into our ESX environment), I continue to be impressed that we can use information in our Active Directory to steer wireless users to different networks from the same SSID, and can automate as many other nuanced policy enforcements with RADIUS as we can dream up. Yes, sexy new access points are easy to get excited about, and high data rates generate buzz, but RADIUS is just as cool. Think of it as one of the wizards behind the curtain--at your beckoning once you know how to talk to it.

Lee is a Wireless Network Architect for a large private university. He has also taught classes on networking, wireless network administration, and wireless security. Lee's technical background includes 10 years in the US Air Force as an Electronic Warfare systems technician ...
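The Active Directory-driven steering described in the closing paragraph is commonly implemented by returning VLAN attributes in the RADIUS Access-Accept (RFC 2868 / RFC 3580). The sketch below is an added example, not code from the article or from Cisco Secure ACS; the mechanism is an assumption (the article does not name it), and the group DNs, VLAN numbers and function names are constructed for illustration.

```python
import struct

# Attribute numbers and values defined in RFC 2868 and RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TUNNEL_TYPE_VLAN, TUNNEL_MEDIUM_IEEE_802 = 13, 6

# Constructed policy (hypothetical DNs and VLANs), highest priority first.
GROUP_TO_VLAN = [
    ("CN=Net-Admins,OU=Groups,DC=example,DC=edu", 10),
    ("CN=Faculty,OU=Groups,DC=example,DC=edu", 20),
    ("CN=Students,OU=Groups,DC=example,DC=edu", 30),
]
DEFAULT_VLAN = 999  # restricted network for users who match no group

def vlan_for(member_of):
    """Return the VLAN of the first policy group found in memberOf."""
    groups = {dn.lower() for dn in member_of}  # DNs match case-insensitively
    for dn, vlan in GROUP_TO_VLAN:
        if dn.lower() in groups:
            return vlan
    return DEFAULT_VLAN  # fail closed rather than inherit a trusted VLAN

def _tagged_int(attr_type, value, tag=0):
    # Type, Length=6, Tag, 3-byte big-endian value (RFC 2868 section 3.1).
    return struct.pack("!BBB", attr_type, 6, tag) + value.to_bytes(3, "big")

def vlan_attributes(vlan_id):
    """Encode the three Access-Accept attributes that select a VLAN."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range: %r" % vlan_id)
    vid = str(vlan_id).encode("ascii")  # untagged string form
    return (
        _tagged_int(TUNNEL_TYPE, TUNNEL_TYPE_VLAN)
        + _tagged_int(TUNNEL_MEDIUM_TYPE, TUNNEL_MEDIUM_IEEE_802)
        + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(vid)) + vid
    )

def parse_attributes(blob):
    """Split an attribute blob into (type, value) pairs, rejecting bad lengths."""
    out, i = [], 0
    while i < len(blob):
        length = blob[i + 1] if i + 1 < len(blob) else 0
        if length < 2 or i + length > len(blob):
            raise ValueError("malformed RADIUS attribute at offset %d" % i)
        out.append((blob[i], blob[i + 2:i + length]))
        i += length
    return out
```

Evaluating groups in priority order and falling back to a restricted VLAN keeps a user with no matching group, or an empty memberOf result, off the trusted networks.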
