Recommend ROuter / WAP which supports Radius Client and [radius clients and 802.1X]

Recommend ROuter / WAP which supports Radius Client and [radius clients and 802.1X]

Post by cw21 » Tue, 03 Apr 2007 09:41:11


Which router do folks recommend for the SBS 2003 R2 secure wireless
config /w [radius clients and 802.1X]?

Thanks a bunch guys and gals!

CW
 
 
 

Recommend ROuter / WAP which supports Radius Client and [radius clients and 802.1X]

Post by Dave Nicka » Wed, 04 Apr 2007 00:48:15

I'm using 3Com 3CRGPOE10075's. These are true wireless access points -
they're not routers, and don't do DHCP or any of that. And I've had mine a
while, so they might have a different model number by now.

I chose 3Com because I want a business class product rather than a
home-level device, and at the time I found 3Com to be a more affordable
alternative to Cisco. I don't have anything against any other brand, but I
feel strongly that in an office environment, you should not be using a
free-after-rebate plastic box from the stationery supply store. These 3Coms
have been completely bulletproof.

Have you seen this? I strongly recommend this configuration for 802.1x.

Configuring Secure Wireless Network Access with MicrosoftWindowsSmall
Business Server 2003
http://www.yqcomputer.com/ ~clearviewtc/

 
 
 

Recommend ROuter / WAP which supports Radius Client and [radius clients and 802.1X]

Post by Owen Willi » Fri, 06 Apr 2007 23:25:18

In article < XXXX@XXXXX.COM >,
XXXX@XXXXX.COM says...


Dave's recommendation is solid, although based on some discussions with
him I believe the 3Com model he recommends supports only TKIP encryption
and not AES. This is *not* a show-stopper, but many newer (and even
some older) devices do support AES.

You did not say what size and type organization this is for. For price-
sensitive non-profits, I have had good luck with the venerable LinkSys
WRT54g versions 2 - 4 (now sold as the WRT54gL). These use embedded
Linux as the OS. They work fine as-is, but the firmware can also be
replaced with any of several open source versions which provides useful
capabilities, such as being able to increase power output to the FCC-
approved maximum.

The WRT54g is a wireless router, but reconfiguring a wireless router to
a WAP is trivial:

* Disable DHCP server.
* Assign a static IP address appropriate to your LAN addressing plan.
* Do *NOT* use the WAN/Internet jack - put a piece of electrical tape
over it.
* Connect the device to your LAN via one (usually out of 4) LAN jacks.
The other jacks can be used just like an Ethernet switch, which they
are!

For my personal use, I have just (as in "yesterday") acquired a D-Link
DIR-655 Xtreme N Gigabit Router to replace my Belkin F5D-7230-4 v1444.
It supports IEEE802.11 b/g/draft n, WPA/WPA2 (separately or mixed),
TKIP/AES, 802.1x authentication, and the WAN + 4 LAN jacks are all
gigabit-capable. US$125 at Buy.com with free shipping. The reviews of
the device are very good, but I have not had time to set it up yet.
"News at 11."

-- Owen Williams (SBS MVP)
 
 
 

Recommend ROuter / WAP which supports Radius Client and [radius clients and 802.1X]

Post by Dave Nicka » Sat, 07 Apr 2007 01:41:52

The one I have supports either WPA/TKIP or WPA2/AES, but in any case I'm
pretty sure it's been replaced with a newer model.

I use one of the WRT54 models on my home network, and least 3 others I
support. I've found them to be completely bulletproof.
 
 
 

Recommend ROuter / WAP which supports Radius Client and [radius clients and 802.1X]

Post by Owen Willi » Sat, 07 Apr 2007 02:35:43

In article < XXXX@XXXXX.COM >,
XXXX@XXXXX.COM says...


Good to know. So the issue you were having with AES v. TKIP was with
one or more of the wireless NICs not supporting AES rather than with the
WAP?


Yes, this is one of the few LinkSys products that I have no reservations
about recommending. Definitely an oldie but goodie. And the antennas
are easily replaceable with higher-gain models (~US$20 on eBay). I've
done this and it makes a big difference, especially when combined with
open source firmware that enables the radio power to be increased from
the default ~28mw to ~250mw. (NOTE: The higher power is permitted in
the U.S. but may not be in other countries. Check local regulations.)

The main caveat is that my experience is limited to the Linux-based
versions. Beginning with v5 - which is mostly what is being sold retail
these days - the operating system was replaced with one that requires
less EEPROM (2MB v. 4MB). That model may work fine - I don't know
because I have not tried one. I look for either the WRT54gL from a
store or the v2 - v4 models on eBay.

-- Owen Williams (SBS MVP)
 
 
 

Recommend ROuter / WAP which supports Radius Client and [radius clients and 802.1X]

Post by kj » Sat, 07 Apr 2007 03:19:13


fyi

They've for some reason skipped v7 and current retail market products seem
to all be at v8.

Just bought one to replace my spare stock but I didn't do much with it yet.
Antennas looked more fixed than I remember, I'll have to do a side by side
with one of my older ones.

--
/kj
 
 
 

Recommend ROuter / WAP which supports Radius Client and [radius clients and 802.1X]

Post by Dave Nicka » Sat, 07 Apr 2007 03:46:35

My WAP supports either WPA with TKIP, or WPA2 with AES. When I configured
the GPO to use WPA with AES, it failed because the router could only be
configured with WPA2 with AES (and WPA2 could not be selected in the GPO).
When I switched the router back to WPA and TKIP (so it exactly matched the
GPO), that solved the problem. IIRC, it was that the router would not allow
me to select an AES choice that exactly matched the GPO, and without the
exact match, it didn't work.
 
 
 

Recommend ROuter / WAP which supports Radius Client and [radius clients and 802.1X]

Post by Owen Willi » Sat, 07 Apr 2007 04:59:49

In article < XXXX@XXXXX.COM >, XXXX@XXXXX.COM
says...


KJ, I'd like your feedback about the post-v4 version(s) at your
convenience. (When one is a solo practitioner, it gets a little
expensive and time consuming to buy and try stuff you may or may not
actually use!) You can contact me directly via e-mail if you prefer.

FYI, I now have all of the components required to implement WPA2
support. The only remaining challenge is finding the time to set it up
and document it! 8-)

-- Owen Williams (SBS MVP)
 
 
 

Recommend ROuter / WAP which supports Radius Client and [radius clients and 802.1X]

Post by Owen Willi » Sat, 07 Apr 2007 05:00:39

In article <uvqE# XXXX@XXXXX.COM >,
XXXX@XXXXX.COM says...


Thanks! I now have it straight. [I think! ;-) ]

-- Owen Williams (SBS MVP)
 
 
 

Recommend ROuter / WAP which supports Radius Client and [radius clients and 802.1X]

Post by kj » Sat, 07 Apr 2007 05:16:17


I'll be happy to Owen although I don't know any of mine at v5 or v6. I'll
even try a walk through of your current Wireless setup doc with this v8 one
and look for any variances as availability permits.

--
/kj
 
 
 

Recommend ROuter / WAP which supports Radius Client and [radius clients and 802.1X]

Post by Owen Willi » Sat, 07 Apr 2007 12:51:55

In article < XXXX@XXXXX.COM >, XXXX@XXXXX.COM
says...


Any and all feedback is always appreciated!

-- Owen Williams (SBS MVP)