That is why, right from the outset, a great deal of importance has been attached to wireless network security.īy 1999, the first version of the IEEE 802.11 standard – which constitutes the basis for WLAN network operation – already devoted a section to describing the procedures to achieve a secure network. With high-gain antennas, it is possible to listen in on the data that passes through an office from outside the building. Username/Password on something like FreeRadius might be the best option if you don't have budget for a more enterprise solution.The nature of electromagnetic waves is such that anyone in a wireless network can receive the data sent over the air. If you are not familiar with Public Key Infrastructure(PKI) this might be a large undertaking, and you might need to involve a partner or contractor.Ĭertificate auth is, in my opinion, the best and most secure way to authenticate, but it also is somewhat more complicated(you also need to find a way to put certificates on all the devices). There are paid options like Entrust or Clearpass, or free options like (i've not tested this, just some googling found it). If you are moving away from AD, you would need to find another CA. From the Aruba side there should be minimal changes, it would be the back end auth server which needs to process the EAP request.Īs for configuring a PKI, with AD its pretty simple. There is some information there about what you need to do. Let me know if you have questions about these options. if you need to apply FW polices up steam, you might be forced to use VLAN, but i would still suggest role mapping over MAC filtering. What are you using to authenticate your users? If you have AD in the back end you should be able to pass back role information and assign Teacher vs Students to different roles, even while keeping them on the same VLAN in the Aruba infrastructure. During roaming there may be more over head to join the next AP when using Enterprise, but this should not really be noticable ot the end user unless you have high latency between you network and AAA servers.Īuthing devices via MAC is not very secure, and if you have teksavvy students it's only a matter of time before they figure out how to clone a MAC and get teacher access.
The main difference is during authentication. "Are there performance differences associated with WPA2 Personal vs Enterprise?"įor actual traffic encryption i believe they use the same encryption algorithm based on AES, so there would be no difference.
0 kommentar(er)
