Hi
I'm planning a new wireless network based on 802.1x, and have a few
questions I hope someone might help me with.
As far as I have now gathered, when you use 802.1x, you validate users with
an IAS (RADIUS) server. You encrypt the communication between a laptop and
the access point with WEP or WPA, and the access point validates the user
with IAS. So far so good?
But, then you have 2 options when you use EAP or PEAP.
You can either use MS-CHAP-V2 which essentially validates you against the
IAS with a user name and password. Am I correct?
The other option is to use digital certificates, which are automatically
rolled out within the A.D. To be validated through IAS, the machine and/or
user must have a valid client certificate from the domain's or trusted CA.
Correct?
If my assumptions so far are correct, what are the benefits of using 802.1x
with MS-CHAP-V2? If you have a user with a weak password it can easily be
hacked, and you must of course have a user ID to use as well. But wouldn't
this be quite similar to having an access point that uses WPA-PSK?
Hope someone will give me some input, since I'm a rookie in this field :-)
/A.