Results 1 to 9 of 9

Thread: Radius server for Wireless network authentication (to improve security) setup help

  1. #1
    Advanced Member
    Join Date
    Oct 2001
    Posts
    574

    Lightbulb Radius server for Wireless network authentication (to improve security) setup help

    I want to settup a Radius server only for Wireless authentication (not wired)

    I have both a mix of wired and wireless workstations. But I specifically want to configure a Radius server only for the wireless workstations.

    Here's my network setup:

    Internet >> RT311 router >> switch >> WAP >> computers


    How would I go about doing that with Windows Smallbusiness server?

    where would I put the radius server on my network?


    ANy help is appreciated

  2. #2
    SG Enthusiast qball15j's Avatar
    Join Date
    Nov 2001
    Location
    127.0.0.1
    Posts
    3,619
    I'll have to keep my eye on this thread, hopefully YOSC or someone else will post some good info. This may be worth looking into for testing here at home. Right now I just allow VPN pass-through using m0n0wall but would like to try something different, using a radius may be a good solution.

  3. #3
    SG Enthusiast
    Join Date
    Jan 2001
    Location
    DC
    Posts
    4,717
    You need to isolate your wireless network first.
    I would put a second NIC in the 'server' and connect the WAP to it.

    Which radius/auth server are you planning to use?
    anything is possible - nothing is free


    Quote Originally Posted by Blisster
    It *would* be brokeback bay if I in fact went and hung out with Skye and co (did I mention he is teh hotness?)

  4. #4
    Advanced Member
    Join Date
    Oct 2001
    Posts
    574
    Originally posted by cyberskye
    You need to isolate your wireless network first.
    I would put a second NIC in the 'server' and connect the WAP to it.

    Which radius/auth server are you planning to use?
    is this what you're saying?

    from this:
    Internet >> RT311 router >> switch >> WAP >> computers

    to this:
    Internet >> RT311 router >> switch >> computers (inc. server)

    server>>WAP


    is that how you want me to set it up?



    Oh yeah scratch out the smallbusiness server OS...I want to use windows 2000 advanced server as my radius server...how would I set that up?


    after this is all configured...I still want my wireless computers to keep in contact with the wired network (shared drives, printers, etc.) will that be possible?
    Last edited by newbie1; 03-20-04 at 04:10 PM.

  5. #5
    Advanced Member
    Join Date
    Oct 2001
    Posts
    574
    Originally posted by cyberskye
    You need to isolate your wireless network first.
    I would put a second NIC in the 'server' and connect the WAP to it.

    is it possible to isolate the wireless network a different way?




    I will be doing it your way, but i'm just asking out of curiousity

  6. #6
    SG Enthusiast qball15j's Avatar
    Join Date
    Nov 2001
    Location
    127.0.0.1
    Posts
    3,619
    Originally posted by newbie1
    is it possible to isolate the wireless network a different way?

    I will be doing it your way, but i'm just asking out of curiousity
    Here's my current configuration. I use an old AMD K6 box with two nics and run m0n0wall on it, I have m0n0wall configured to only allow IPSec through to my VPN server which I have running on a 2k server box. However I don't use radius with the VPN...

    So even if someone connects to your wireless network the only thing they can do is connect to an external VPN server since they don't know the internal IP of yours.

  7. #7
    Advanced Member
    Join Date
    Oct 2001
    Posts
    574
    I guess i'll try cyberskye's idea for now

  8. #8
    Advanced Member
    Join Date
    Oct 2001
    Posts
    574

    Question

    Originally posted by cyberskye
    You need to isolate your wireless network first.
    I would put a second NIC in the 'server' and connect the WAP to it.

    Which radius/auth server are you planning to use?
    now what?

  9. #9
    SG Enthusiast
    Join Date
    Jan 2001
    Location
    DC
    Posts
    4,717
    Not sure what you have in your environment (AD, etc) - here is the info from the source. http://www.microsoft.com/technet/sec.../swlanbg3.mspx

    you would need to have a 'filtering' device betweeen your public and private networks. I suggested just one way of doing that.
    anything is possible - nothing is free


    Quote Originally Posted by Blisster
    It *would* be brokeback bay if I in fact went and hung out with Skye and co (did I mention he is teh hotness?)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •