Implementing 802.1x on Wireless Networks with Cisco and Microsoft
Cisco and Microsoft have partnered in creating the first commercial 802.1x implementation. Several open source implementations are forthcoming, and will be documented here shortly. The Microsoft/Cisco implementation requires three components:
Meetinghouse Data Communications has written other client implementations for 802.1x, and currently has beta drivers for Linux, Windows 2k and NT4.
The only way to ensure strong mutual authentication between Windows XP and the access point is to enable dynamic WEP; without it, your machines are vulnerable to a man-in-the-middle attack. 802.1x port access authentication isn't enough by itself.
An 802.1x Troubleshooting Guide will be up soon, as will instructions on using the Orinoco AP1000 and AP2000.
In summary, here's the basic network topology for this setup:
[Network topology image] *
The setup is also broken down into its three components:
This How-to is still a work in progress; comments and questions are welcome at mvanopst@cs.umd.edu. Research for this project is funded by and performed at the University of Maryland Information Systems Security Lab.
Page created and last updated January 30th, 2002
by Mike van Opstal
* Network Topology Image courtesy of Cisco.
Cisco, Windows, Windows 2000, Windows XP, and other items are registered trademarks of their respective companies.