Controllerless Networks


Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget

MAC and 802.1X Authentication for a Wireless Network

  • 1.  MAC and 802.1X Authentication for a Wireless Network

    Posted Jan 07, 2015 05:22 AM

    Hello, I'm looking to secure my guest wireless access with a NAC system. I don't want to run an open network with a simple wireless portal because everyone will be able to eavesdrop on the traffic, so this problem brought me to MAC and 802.1X Authentication, but there are some details regarding the encryption I can't seem to find.

    Basically my WIFI will first try MAC and then username. My NAC will accept any MAC and return a registration VLAN. The guest registers his personal information and will be moved to an internet VLAN. Now to my question: what will be used as the encryption key for my wireless session? Will this be the MAC address of the wireless device, which is easy to spoof, or some randomly generated key?

    Thank you in advance.



  • 2.  RE: MAC and 802.1X Authentication for a Wireless Network

    Posted Jan 07, 2015 06:13 AM

    Hi friend,

    Encryption of the traffic always depends on the opmode of the SSID profile. If it is open, there is no encryption; if it is other than open (WEP, WPA-PSK, WPA, etc.), traffic will be encrypted accordingly.

    Therefore, your NAC is using the MAC address for authentication, not for encryption.

    Hope that gives some clarity.

    Please feel free to ask for any further help on this.



  • 3.  RE: MAC and 802.1X Authentication for a Wireless Network

    Posted Jan 07, 2015 06:50 AM
    Hi, thank you for your answer, but I think I might have to rephrase my question. What key will be used as the encryption key when I use WPA2 802.1X MAC auth?


  • 4.  RE: MAC and 802.1X Authentication for a Wireless Network
    Best Answer

    EMPLOYEE
    Posted Jan 07, 2015 06:54 AM
    There is no such thing as 802.1X MAC auth. 

    If you are doing 802.1X, you would be using either username/password or a certificate. Encryption keys are dynamically created based on the EAP authentication with your RADIUS server. The MAC address can be used for authorization as part of the policy decision. 


  • 5.  RE: MAC and 802.1X Authentication for a Wireless Network
    Best Answer

    Posted Jan 07, 2015 07:03 AM

    Hi,

    As you mentioned that you are using WPA2, the key (TK) will always be derived by the dot11i 4-way handshake.

    Further encryption will be taken care of by either TKIP or AES, as per the selection.

    Hence the MAC address will be limited to authentication; it will not be used for encryption if you enable WPA2.

    Hope you got your answer.

    Please feel free to ask any further queries on this.
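
Added example, not part of the original thread or any poster's code: a sketch of the 802.11i pairwise key derivation behind the two answers above, showing that the MAC addresses are public inputs while the secret is the PMK taken from the EAP-exported MSK. It assumes CCMP (PRF-384 over HMAC-SHA1); the MSK, MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac

LABEL = b"Pairwise key expansion"  # fixed label used for PTK derivation


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: HMAC-SHA1 over label || 0x00 || data || counter, iterated."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes):
    """Return (KCK, KEK, TK) for CCMP. aa = AP MAC, spa = client MAC."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, LABEL, data, 48)  # PRF-384
    return ptk[:16], ptk[16:32], ptk[32:48]


def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


# Constructed sample inputs (not captured from any real network).
AP_MAC = mac("02:00:00:00:00:01")
CLIENT_MAC = mac("02:00:00:00:00:02")
MSK = hashlib.sha512(b"constructed EAP session secret").digest()  # 64 bytes
PMK = MSK[:32]  # with 802.1X, the PMK is the first 256 bits of the MSK
ANONCE = hashlib.sha256(b"constructed anonce").digest()
SNONCE = hashlib.sha256(b"constructed snonce").digest()


def demo():
    """Temporal keys for: the real session, a wrong PMK, and a new handshake."""
    real = derive_ptk(PMK, AP_MAC, CLIENT_MAC, ANONCE, SNONCE)[2]
    # Same (spoofable) MAC addresses and same observed nonces, but no PMK.
    guess = derive_ptk(bytes(32), AP_MAC, CLIENT_MAC, ANONCE, SNONCE)[2]
    # Same PMK and MACs, fresh nonce: every handshake yields a new TK.
    fresh = hashlib.sha256(b"constructed anonce 2").digest()
    rekey = derive_ptk(PMK, AP_MAC, CLIENT_MAC, fresh, SNONCE)[2]
    return real, guess, rekey


if __name__ == "__main__":
    for name, tk in zip(("real", "wrong-PMK", "re-handshake"), demo()):
        print(f"{name:13s} TK = {tk.hex()}")
```

With an open or MAC-auth-only SSID there is no PMK at all, so no TK is derived and frames go out unencrypted.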



  • 6.  RE: MAC and 802.1X Authentication for a Wireless Network

    Posted Jan 07, 2015 07:06 AM

    Hi Tim,

    Thank you for clarifying :)



  • 7.  RE: MAC and 802.1X Authentication for a Wireless Network

    EMPLOYEE
    Posted Jan 07, 2015 06:49 AM
    There would be no encryption. 

    Since this is a guest network, you would need to use either a PSK or implement something like EAP-PEAP-Public (with ClearPass)