Previously, I did a basic configuration to connect a client wirelessly to the network using a Cisco access point.
Now, I’ll try out various authentication methods and use a Windows Server 2008 R2 machine to provide the IP addresses over DHCP.
Below is the topology of my network.
Wired Equivalent Privacy (WEP)
WEP is the least secure of the available methods for securing the wireless connection. It has been demonstrated to be insecure compared to newer standards such as WPA.
To set up WEP on the access point, go to the Wireless tab, open the Wireless Security sub-tab and select WEP for the Security Mode. Select 104 / 128-bit for better encryption. Enter the Passphrase; I’ll be using Fishcake for mine. The passphrase is used to generate the keys that are used to connect to the AP. Click Generate and then Save Settings.
Input the generated key into the Security key prompt.
Wi-Fi Protected Access/2 (WPA/WPA2)
WPA was defined in response to serious weaknesses researchers had found in the previous system, WEP (Wired Equivalent Privacy). WPA provides.
WPA2 was then introduced in 2004 to provide an even more secure and complex solution.
Setting up WPA or WPA2 is very similar. First, go to the Wireless tab then go to the Wireless Security sub tab and select PSK Personal/PSK Personal 2 for the Security Mode.
Select the encryption method; I’m going to use TKIP or AES.
Enter the desired pre-shared key; I’ll be using Fishcake as my PSK. The same pre-shared key will have to be entered on the client later for authentication.
For key renewal, I’m going to leave it at the default (3600 seconds).
On the client PC, click on the network icon on the task bar and connect to the AP. The prompt for the PSK should pop up. Enter the PSK that we’ve configured on the AP, Fishcake in my case.
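How the passphrase entered above becomes the actual 256-bit key, as an added example that is not part of the original post: WPA/WPA2-Personal derives the key with PBKDF2-HMAC-SHA1 (4096 iterations) from the passphrase and the SSID only. The SSIDs `LabAP` and `LabAP-Guest` are constructed for illustration, since the post does not state its SSID.

```python
import hashlib
import string

# A WPA passphrase may only contain printable ASCII (codes 32..126).
_ALLOWED = {chr(c) for c in range(32, 127)}


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 256-bit pre-shared key used by WPA/WPA2-Personal."""
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1-32 bytes")

    # Exactly 64 hex digits are treated as the raw key, not as a passphrase.
    if len(passphrase) == 64 and all(c in string.hexdigits for c in passphrase):
        return bytes.fromhex(passphrase)

    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8-63 characters")
    if not set(passphrase) <= _ALLOWED:
        raise ValueError("passphrase must be printable ASCII")

    # The SSID is the salt: the same passphrase on a different SSID
    # yields a different key, but nothing secret besides the passphrase
    # enters the derivation.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32
    )


if __name__ == "__main__":
    # Constructed SSIDs (assumption); the passphrase is the one from the post.
    for ssid in ("LabAP", "LabAP-Guest"):
        print(f"{ssid:12s} {wpa_psk('Fishcake', ssid).hex()}")
```

Fishcake is exactly at the 8-character minimum; the standard allows up to 63 characters, and the key is only as strong as the passphrase.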
To configure your AP to do RADIUS authentication for the wireless clients, go to the Wireless tab then go to the Wireless Security sub tab and select WPA Enterprise for the Security Mode.
Select TKIP as the encryption method.
Enter the IP address for the RADIUS server and the shared key. Leave the RADIUS port and Key Renewal as default.
Go to the RADIUS server and create a RADIUS client. Enter the Friendly name and the IP address of the wireless AP. For the Shared Secret, enter the same value you entered for the shared key on the wireless AP.
Create the network policy using the NPS wizard. Click on NPS (local) on the side bar. Select RADIUS server for 802.1X Wireless or Wired Connections and then click on Configure 802.1X.
Select Secure Wireless Connections and click Next.
Select the RADIUS client that we’ve just created and click Next.
Select Microsoft: Protected EAP (PEAP) and click on Configure. I’ve previously obtained a self-signed certificate from the local Certificate Authority. Select the server certificate and click OK.
Add the user group that will be used to authenticate the wireless connection. Click Next.
Click Next then Finish.
On the client, go to Control Panel and open up Network and Sharing Center. Select Manage wireless networks and click Add.
Select Manually create a network profile.
Enter the SSID into the Network name text box. Select WPA-Enterprise for the Security type and TKIP for the Encryption type.
Untick Connect automatically when this network is in range. This should be ticked after the connection is tested to be working.
Click Next then Change connection settings.
Go to the Security tab and make sure that the Security type and Encryption type are WPA-Enterprise and TKIP.
Select Microsoft: Protected EAP (PEAP) for the authentication method and select Settings.
Make sure that Validate server certificate, Connect to these servers: and the root CA are all ticked. The RADIUS server’s FQDN should be filled in the Connect to these servers: text box.
Ensure that Secured password (EAP-MSCHAP v2) is selected and click Configure. Untick Automatically use my Windows Logon name and password. Click OK, then OK.
Untick Remember my credentials for this connection each time I’m logged on.
Click on Advanced settings. Tick Specify authentication mode and select user authentication. Click OK.
Click on the network icon on the task bar and connect to the AP. The prompt for the username and password should pop up. Enter the allowed username and password and it should connect to the wireless AP.