Security

Reply
New Contributor

RADIUS / Smartcard Configuration

I setup our WLAN using WPA2-PSK with AES over a year ago, and it works great.  However the setup is not compliant, and I need to have the WLAN clients authenticating via RADIUS and smartcard. We have a microsoft AD upstream, and I stood up a RADIUS server specifically for authenticiation of the WLAN clients.

 

1) How do I get the users transitioned to smartcard auth. with minimal downtime?

 

2) Is there any additional software or configurations needed on the client to ensure smartcard authentication?

 

3) Is it easier to create a new SSID needed for smartcard use or can I modify existing WLAN setup?

 

 

Any help would be appreciated.

 

 

 

Aruba Employee

Re: RADIUS / Smartcard Configuration


cxcal wrote:

I setup our WLAN using WPA2-PSK with AES over a year ago, and it works great.  However the setup is not compliant, and I need to have the WLAN clients authenticating via RADIUS and smartcard. We have a microsoft AD upstream, and I stood up a RADIUS server specifically for authenticiation of the WLAN clients.

 

1) How do I get the users transitioned to smartcard auth. with minimal downtime?

 

2) Is there any additional software or configurations needed on the client to ensure smartcard authentication?

 

3) Is it easier to create a new SSID needed for smartcard use or can I modify existing WLAN setup?

 

 

Any help would be appreciated.

 

 

 


I can only offer advice for #3, as we do not use smart cards. I would definitely say start by creating a new SSID. PSK is not very secure, being that it doesn't take long for the PSK to be passed around.

 

I would create a new SSID for the new 802.1x setup. Then after you get most users migrated to this new SSID, put a CP up behind the PSK SSID to inform users how to migrate. That will help reduce help desk calls. You could even take it a step further and require those using the PSK to login via CP. Then you could determine who the straglers are who haven't switched to the new SSID.

Thanks,

Zach Jennings
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: