0

I have a new Aironet 1260. I've read that I shouldn't setup WEP for wireless. Any recommendations on how this should be configured? Should I setup 802.1X? I assume I need to setup a radius server. Where should I start?

MDMarra
  • 100,183
  • 32
  • 195
  • 326
Magd
  • 169
  • 2
  • 9
  • If 802.1x is what you want, implement that. If you're happy with WPA2-PSK, then go with that. Unfortunately we can't tell you what you need. – Ben Pilbrow Dec 02 '11 at 20:26
  • 1
    This is a bad question, no doubt. But I'm not entirely sure the close votes are warranted. – MDMarra Dec 02 '11 at 20:33

1 Answers1

6

I have a new Aironet 1260. I've read that I shouldn't setup WEP for wireless.

You read correctly. WEP can be cracked in seconds (and you can't use RADIUS with it). You want WPA2 with AES for encryption.

Any recommendations on how this should be configured?

You can configure this via the web interface or the CLI for that access point. I suggest you read the manual. It's detailed and gives you everything you need to know.

Should I setup 802.1X?

This depends on whether you want everyone to share a key (not very secure, no audit trail). Or if you want each person to log on with their own credentials.

I assume I need to setup a radius server.

Only if you want to do 802.1x. If you have Windows Servers, you can install IAS (Server 2003) or NPS (2008 + 2008 R2). These packages allow you to do RADIUS auth against your Active Directory, if you have one. If you don't have Windows Server, you can set up something like FreeRADIUS on *nix or any of the dozens of alternatives.

Where should I start?

By reading the documentation.

MDMarra
  • 100,183
  • 32
  • 195
  • 326
  • Just to add, if you opt not to use dot1x and just stick with a pre-shared key using WPA2 and AES, make it long. Currently the only methods I'm aware of to break this is using dictionary crack so a very long key is somewhat descent (for now). Cisco also makes Access Control Servers that run a Radius server and TACACS+ server that work very very well with Cisco AP's and controllers if you do go that route. – Paul Ackerman Dec 03 '11 at 02:15