Secure Wireless for non-public network, Windows Server 2003 R2, Linksys APs

Here is the scenario. Right now this is on my test network.

Windows Server 2003 R2 running a native AD domain. A Linksys WAP54G
ver. 3 access point. I need a secure wireless network. I need all
traffic encrypted as well as restricting access ONLY to those with a
domain login (and possibly restricting only to known MAC addresses).

I'm assuming that I'll be using a RADIUS server of some sort. I have
IAS running on the 2003R2 box, as well at cert services.

What type of authentication do I need to enable on the AP, and how do I
set it up on the domain? I've established a shared secret and all of
that business, but I'd kind of like to start from scratch and here some
of your ideas and suggestions.

If I should just go with some 3rd party software, that is fine to
suggest as well. I'd like to stay away from buying Cisco equipment or
software, simply because of budgetary constraints. Linksys is cheap,
and I think in the end, it can provide everything we need.

Thanks
Brandon Riffel

Hi
I think that an issue like this is a little beyond the scope of newsgroup.
There is a lot of info pertaining issues like this in Microsoft's TechNet.
Example,
http://www.microsoft.com/technet/com...a/isa0316.mspx
Search further the site and you would be able to gather an adequate
solution.
Jack (MVP-Networking).

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Here is the scenario. Right now this is on my test network.
>
> Windows Server 2003 R2 running a native AD domain. A Linksys WAP54G
> ver. 3 access point. I need a secure wireless network. I need all
> traffic encrypted as well as restricting access ONLY to those with a
> domain login (and possibly restricting only to known MAC addresses).
>
> I'm assuming that I'll be using a RADIUS server of some sort. I have
> IAS running on the 2003R2 box, as well at cert services.
>
> What type of authentication do I need to enable on the AP, and how do I
> set it up on the domain? I've established a shared secret and all of
> that business, but I'd kind of like to start from scratch and here some
> of your ideas and suggestions.
>
> If I should just go with some 3rd party software, that is fine to
> suggest as well. I'd like to stay away from buying Cisco equipment or
> software, simply because of budgetary constraints. Linksys is cheap,
> and I think in the end, it can provide everything we need.
>
> Thanks
> Brandon Riffel
>

(E-Mail Removed) hath wroth:

>Windows Server 2003 R2 running a native AD domain. A Linksys WAP54G
>ver. 3 access point. I need a secure wireless network. I need all
>traffic encrypted as well as restricting access ONLY to those with a
>domain login (and possibly restricting only to known MAC addresses).

You might find the WAP54G v3.0 to be a bit too crude. It's major
failings are a tendency to hang and an inability to handle more than
about 10 simultaneous connections.

>I'm assuming that I'll be using a RADIUS server of some sort. I have
>IAS running on the 2003R2 box, as well at cert services.

IAS Server 2004 includes RADIUS services. For example:
<http://www.enterasys.com/support/manuals/Pol_Mgr1_8-web/docs/p_win2000_config.html>
<http://www.microsoft.com/whdc/device/network/802x/AccessPts.mspx>
<http://www.microsoft.com/technet/community/chats/trans/isa/isa0316.mspx>
etc...
Setup your access point for WPA-RADIUS and or WPA-ENTERPRISE (same
thing) and point to the ISA server.

>What type of authentication do I need to enable on the AP, and how do I
>set it up on the domain?

See above URL for instructions on how to setup RADIUS.

>I've established a shared secret and all of
>that business, but I'd kind of like to start from scratch and here some
>of your ideas and suggestions.

Wrong. RADIUS is a replacement for the system wide wireless shared
key. For each session, a new and unique encryption key is issued by
the RADIUS server to both the access point and client. This is the
prime advantage of RADIUS... there no shared key.

>If I should just go with some 3rd party software, that is fine to
>suggest as well.

There are 3rd party RADIUS servers and online authentication services
available, but your Win2003r2 server has everything you need. Since
you like Linksys, they also provide such an online authentication
service:
<http://www.linksys.com/wirelessguard/>

>I'd like to stay away from buying Cisco equipment or
>software, simply because of budgetary constraints. Linksys is cheap,
>and I think in the end, it can provide everything we need.

Methinks you're making a mistake. If you find Cisco to be overly
expensive, perhaps something in the middle like 3Com or Sonicwall
might be more affordable. Cheap security is an oxymoron.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

On 19 Jan 2007 07:35:56 -0800, (E-Mail Removed) wrote in
<(E-Mail Removed) .com>:

>Here is the scenario. Right now this is on my test network.
>
>Windows Server 2003 R2 running a native AD domain. A Linksys WAP54G
>ver. 3 access point. I need a secure wireless network. I need all
>traffic encrypted

Are you talking wireless client to wireless client security, or only
wireless to the outside world security?

>as well as restricting access ONLY to those with a
>domain login (and possibly restricting only to known MAC addresses).

MAC filtering is easily spoofed and thus a waste of time.

>I'm assuming that I'll be using a RADIUS server of some sort. I have
>IAS running on the 2003R2 box, as well at cert services.
>
>What type of authentication do I need to enable on the AP, and how do I
>set it up on the domain? I've established a shared secret and all of
>that business, but I'd kind of like to start from scratch and here some
>of your ideas and suggestions.
>
>If I should just go with some 3rd party software, that is fine to
>suggest as well. I'd like to stay away from buying Cisco equipment or
>software, simply because of budgetary constraints. Linksys is cheap,
>and I think in the end, it can provide everything we need.

Consider running DD-WRT firmware on an appropriate Linksys box (not the
[ugh] WAP54G).

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>