thewireguys

802.1x Network Security setup

http://scorpiontheater.com/wifi.aspx

Wi Fi Forum

http://forums.wi-fiplanet.com/

Troubleshooting

http://forums.wi-fiplanet.com/forumdisplay.php?f=4

Tutorials

http://www.wi-fiplanet.com/tutorials/

____________________________________________________________

Wifi Forum

http://www.wifi-forum.com/wf/

Tutorials

http://www.wifi-forum.com/wf/forumdisplay.php?f=18


I'm looking to use this on a hardwired network. From what I understand I need to set up a RADIUS server. Is this correct?


http://en.wikipedia.org/wiki/RADIUS

I am not familiar with setting up RADIUS servers. I will have to defer to someone else.

RADIUS is a common authentication protocol utilized by the IEEE 802.1X security standard (often used in wireless networks). Although RADIUS was not initially intended to be a wireless security authentication method, it improves the WEP encryption key standard, in conjunction with other security methods such as EAP-PEAP.

RADIUS is extensible; many vendors of RADIUS hardware and software implement their own variants using Vendor-Specific Attributes (VSAs).

RADIUS has been officially assigned UDP ports 1812 for RADIUS Authentication and 1813 for RADIUS Accounting by the Internet Assigned Number Authority (IANA); however, before IANA allocation, ports 1645 (Authentication) and 1646 (Accounting) were used unofficially and became the default ports assigned by many RADIUS client/server implementations of the time. The tradition of using 1645 and 1646 for backwards compatibility continues to this day. For this reason many RADIUS server implementations monitor both sets of UDP ports for RADIUS requests. Microsoft RADIUS servers default to 1812 and 1813, but Cisco devices default to the traditional 1645 and 1646 ports. Juniper Networks' RADIUS servers also default to 1645 and 1646.

RADIUS is used by RSA SecurID to enable strong authentication for access control; products such as PhoneFactor add two-factor authentication to legacy RADIUS applications that typically only support username and password authentication.

RADIUS is widely used by VoIP service providers. It is used to pass login credentials of a SIP end point (like a broadband phone) to a SIP Registrar using digest authentication, and then to a RADIUS server using RADIUS. Sometimes it is also used to collect call detail records (CDRs) later used, for instance, to bill customers for international long distance.

RADIUS was originally specified in an RFI by Merit Network in 1991 to control dial-in access to NSFnet. Livingston Enterprises responded to the RFI with a description of a RADIUS server. Merit Network awarded the contract to Livingston Enterprises, which delivered their PortMaster series of Network Access Servers and the initial RADIUS server to Merit. RADIUS was later (1997) published as RFC 2058 and RFC 2059 (current versions are RFC 2865 and RFC 2866). Now, several commercial and open-source RADIUS servers exist. Features can vary, but most can look up the users in text files, LDAP servers, various databases, etc. Accounting records can be written to text files, various databases, forwarded to external servers, etc. SNMP is often used for remote monitoring. RADIUS proxy servers are used for centralized administration and can rewrite RADIUS packets on the fly (for security reasons, or to convert between vendor dialects).

The Diameter protocol is the planned replacement for RADIUS. Diameter uses SCTP or TCP while RADIUS uses UDP as the transport layer.
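The RFC 2865 mechanics behind the quoted text, as an added example that is not from Wikipedia, from anyone in this thread, or from any RADIUS product: a standard-library Python sketch of what a RADIUS client and server actually check on the wire. The client hides the User-Password the RFC 2865 way, signs the Access-Request with a Message-Authenticator (RFC 2869), and verifies the Response Authenticator on the server's reply, which is the only thing that stops a host sitting between the switch and the server from answering Access-Accept on its own. The shared secret, identifier 7, user name and password are constructed sample values, and `demo`, `hide_password`, `verify_response` and the other function names are this example's own, not a library API.

```python
"""RADIUS (RFC 2865/2869) packet helpers, standard library only.

Added example, not Wikipedia's text or any vendor's code. The secret,
identifier, user name and password below are constructed sample values.
"""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2
ATTR_MESSAGE_AUTHENTICATOR = 80        # RFC 2869; mandatory when EAP rides over RADIUS
HEADER = struct.Struct("!BBH16s")      # code, identifier, length, authenticator (20 bytes)

def encode_attr(attr_type, value):
    """Attribute TLV: type, length (value + 2 header bytes), value."""
    if not 0 <= len(value) <= 253:
        raise ValueError("attribute value must be 0..253 bytes")
    return bytes([attr_type, len(value) + 2]) + value

def parse_attrs(data):
    """Decode the attribute area into (type, value) pairs; refuse truncated or zero-length TLVs."""
    attrs, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated attribute header")
        attr_type, length = data[pos], data[pos + 1]
        if length < 2 or pos + length > len(data):
            raise ValueError("bad attribute length")
        attrs.append((attr_type, data[pos + 2:pos + length]))
        pos += length
    return attrs

def _md5_stream(blocks, secret, request_auth, decrypt):
    """RFC 2865 5.2: each 16-byte block is XORed with MD5(secret + previous cipher block)."""
    out, prev = b"", request_auth
    for i in range(0, len(blocks), 16):
        key = hashlib.md5(secret + prev).digest()
        block = blocks[i:i + 16]
        result = bytes(a ^ b for a, b in zip(block, key))
        out += result
        prev = block if decrypt else result   # chaining always uses the cipher block
    return out

def hide_password(password, secret, request_auth):
    """Pad to a multiple of 16 (at least one block) and obfuscate; this is not encryption-grade."""
    if len(password) > 128:
        raise ValueError("password longer than 128 bytes")
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    return _md5_stream(padded, secret, request_auth, decrypt=False)

def reveal_password(hidden, secret, request_auth):
    """Server side of hide_password; trailing NUL padding is stripped."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    return _md5_stream(hidden, secret, request_auth, decrypt=True).rstrip(b"\x00")

def build_access_request(identifier, request_auth, attrs, secret):
    """Access-Request whose last attribute is an HMAC-MD5 Message-Authenticator over the packet."""
    body = attrs + encode_attr(ATTR_MESSAGE_AUTHENTICATOR, b"\x00" * 16)   # placeholder, filled below
    packet = HEADER.pack(ACCESS_REQUEST, identifier, HEADER.size + len(body), request_auth) + body
    return packet[:-16] + hmac.new(secret, packet, hashlib.md5).digest()

def verify_message_authenticator(packet, secret):
    """Server side: find attribute 80, zero its value, recompute the HMAC; absent counts as failure."""
    pos = HEADER.size
    while pos + 2 <= len(packet):
        attr_type, length = packet[pos], packet[pos + 1]
        if length < 2:
            return False
        if attr_type == ATTR_MESSAGE_AUTHENTICATOR and length == 18:
            zeroed = packet[:pos + 2] + b"\x00" * 16 + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(packet[pos + 2:pos + 18], expected)
        pos += length
    return False

def _response_auth(code, identifier, length, request_auth, attrs, secret):
    """Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    return hashlib.md5(struct.pack("!BBH", code, identifier, length) + request_auth + attrs + secret).digest()

def build_response(code, identifier, request_auth, attrs, secret):
    """What the server sends back; the authenticator binds the reply to the request and the secret."""
    length = HEADER.size + len(attrs)
    auth = _response_auth(code, identifier, length, request_auth, attrs, secret)
    return HEADER.pack(code, identifier, length, auth) + attrs

def verify_response(packet, request_auth, secret):
    """Client side: the reply must match our outstanding Request Authenticator and the shared secret."""
    if len(packet) < HEADER.size:
        return False
    code, identifier, length, auth = HEADER.unpack_from(packet)
    if length != len(packet):   # RFC 2865 tolerates trailing padding; this sketch insists on an exact fit
        return False
    attrs = packet[HEADER.size:]
    return hmac.compare_digest(auth, _response_auth(code, identifier, length, request_auth, attrs, secret))

def demo(secret=b"constructed-shared-secret"):
    """Round trip: the server checks the client's request, the client checks the server's reply."""
    request_auth = os.urandom(16)
    attrs = encode_attr(ATTR_USER_NAME, b"axis-247s") + encode_attr(
        ATTR_USER_PASSWORD, hide_password(b"camera-pass", secret, request_auth))
    request = build_access_request(7, request_auth, attrs, secret)
    received = dict(parse_attrs(request[HEADER.size:]))
    return {
        "request_mac_ok": verify_message_authenticator(request, secret),
        "recovered_password": reveal_password(received[ATTR_USER_PASSWORD], secret, request_auth),
        "accept_ok": verify_response(build_response(ACCESS_ACCEPT, 7, request_auth, b"", secret), request_auth, secret),
        "forged_ok": verify_response(build_response(ACCESS_ACCEPT, 7, request_auth, b"", b"guessed"), request_auth, secret),
    }

if __name__ == "__main__":
    print(demo())
```

Two practical points fall out of this. Every check above keys off the shared secret and MD5, so the secret is the whole of the trust between switch and server and should be long and random rather than a word. And because RADIUS is UDP, a client pointed at 1812 while the server listens only on the legacy 1645 (the Cisco/Juniper default the quoted text mentions) never gets a reply at all: the symptom is a timeout, not an Access-Reject, so check the port pairing before suspecting the secret or the credentials.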


Are you looking for an IP cam with a RADIUS client? That one I haven't noticed before.

If I were you...

Head out and pick up a cheap Linksys wifi router and put DD-WRT firmware on it. That will give you a test server for RADIUS on the uber cheap, then you can start playing with how to find a camera with a RADIUS client.

(DD-WRT firmware only works on certain routers, all wifi even though you don't intend to use the wifi side. It's just that a $45 WRT54G is rock solid stable and runs RADIUS, so I don't think you can get a better server cheaper. You will be able to shut off the wifi radios to disable all wifi insecurity issues.)


I cut and pasted this from one of my Axis products. My friend is running DD-WRT so I will ask him about this. But I am looking for more of a professional solution.

I have a Zyxel L2+ switch and my test server runs Server 2003. From what I understand you can set up a RADIUS server on 2003 as a service for free.

802.1x Contents

The settings here enable the AXIS 247S Video Server to access a network protected by 802.1x/EAPOL (Extensible Authentication Protocol Over LAN).

There are many EAP methods available to do this. The one used here is EAP-TLS (EAP-Transport Layer Security).

The client and server authenticate each other using digital certificates provided by a Certification Authority. Note that to ensure successful certificate validation, time synchronization should be performed on all clients and servers prior to configuration.

To gain access to the protected network, the AXIS 247S Video Server presents its certificate to the network switch. If the certificate is approved, the switch allows access on a preconfigured port.

In order to use port-based authentication, the network must be equipped with a RADIUS protocol server, and a network switch with support for 802.1x. Please see the AXIS 247S Video Server User's Manual for more information. You may also need to contact your network administrator for information on certificates, user IDs and passwords.

Certificates

CA Certificate - This certificate is created by the Certification Authority for the purpose of validating itself, so the AXIS 247S Video Server needs this certificate to check the server's identity. Provide the path to the certificate directly, or use the Browse button to locate it. Then click the Upload button. To remove a certificate, click the Remove button.

Client certificate/private key - The AXIS 247S Video Server must also authenticate itself, using a client certificate and a private key. Provide the path to the certificate in the first field, or use the Browse button to locate it. Then click the Upload button. To remove a certificate, click the Remove button.

Alternatively, it may be possible to upload the certificate and key in one combined file (e.g. a PFX file or PEM file). Provide the path to the file, or use the Browse button to locate it. Click Upload to load the file. To remove a certificate and key, click the Remove button.

Settings

EAPOL version - Select the EAPOL version (1 or 2) as used in your network switch.

EAP identity - Enter the user identity associated with your certificate. A maximum of 16 characters can be used.

Private key password - Enter the password (maximum 16 characters) for your user identity.

Enable 802.1x - Check the provided box to enable the 802.1x protocol.
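The supplicant/authenticator exchange the Axis text describes, as an added example that is not from Axis, from anyone in this thread, or from any product: standard-library Python that encodes and decodes the EAPOL and EAP framing between the camera (supplicant) and the switch (authenticator), from EAPOL-Start up to the EAP-TLS Start request, which is the point at which the certificate handshake the page talks about begins. The field layouts follow IEEE 802.1X, RFC 3748 and RFC 5216; the MAC addresses, the identity string and the frame contents are constructed, and `exchange`, `parse_eapol` and the other names are this example's own.

```python
"""EAPOL / EAP framing for 802.1X port authentication (IEEE 802.1X, RFC 3748, RFC 5216).

Added example, not Axis' or any vendor's code. MAC addresses and the
identity string below are constructed sample values.
"""
import struct

PAE_GROUP_MAC = bytes.fromhex("0180c2000003")   # 802.1X port-access-entity group address
ETHERTYPE_EAPOL = 0x888E
EAPOL_EAP_PACKET, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY, EAP_TYPE_TLS = 1, 13
TLS_FLAG_LENGTH, TLS_FLAG_MORE, TLS_FLAG_START = 0x80, 0x40, 0x20
ETH = struct.Struct("!6s6sH")     # dst, src, ethertype
EAPOL = struct.Struct("!BBH")     # protocol version, packet type, body length
EAP = struct.Struct("!BBH")       # code, identifier, length (counts this header)

def build_eapol(packet_type, body=b"", version=2, src=b"\x00" * 6):
    """One EAPOL PDU in an Ethernet frame addressed to the PAE group MAC."""
    if version not in (1, 2, 3):   # 2001, 2004 and 2010 editions of the standard
        raise ValueError("unknown EAPOL protocol version")
    return ETH.pack(PAE_GROUP_MAC, src, ETHERTYPE_EAPOL) + EAPOL.pack(version, packet_type, len(body)) + body

def build_eap(code, identifier, eap_type=None, data=b""):
    """EAP packet; Request/Response carry a type byte, Success/Failure do not."""
    payload = b"" if eap_type is None else bytes([eap_type]) + data
    return EAP.pack(code, identifier, EAP.size + len(payload)) + payload

def parse_eap(body):
    """Decode an EAP packet; raise on malformed input instead of guessing."""
    if len(body) < EAP.size:
        raise ValueError("EAP header truncated")
    code, identifier, length = EAP.unpack_from(body)
    if length < EAP.size or length > len(body):
        raise ValueError("bad EAP length")
    out = {"code": code, "identifier": identifier}
    if code in (EAP_REQUEST, EAP_RESPONSE):
        if length == EAP.size:
            raise ValueError("Request/Response without type byte")
        out["type"], data = body[EAP.size], body[EAP.size + 1:length]
        if out["type"] == EAP_TYPE_IDENTITY:
            # A NUL may separate the identity from optional attributes (RFC 3748 5.1).
            out["identity"] = data.split(b"\x00", 1)[0].decode("utf-8", "replace")
        elif out["type"] == EAP_TYPE_TLS:
            flags = data[0] if data else 0
            out["tls_start"] = bool(flags & TLS_FLAG_START)
            out["tls_more"] = bool(flags & TLS_FLAG_MORE)
            # With the L flag set, a 4-byte total TLS message length precedes the data.
            out["tls_data"] = data[5:] if flags & TLS_FLAG_LENGTH else data[1:]
    return out

def parse_eapol(frame):
    """Decode an Ethernet+EAPOL frame into a dict, descending into EAP when present."""
    if len(frame) < ETH.size + EAPOL.size:
        raise ValueError("frame too short for EAPOL")
    _dst, src, ethertype = ETH.unpack_from(frame)
    if ethertype != ETHERTYPE_EAPOL:
        raise ValueError("not an EAPOL frame")
    version, packet_type, length = EAPOL.unpack_from(frame, ETH.size)
    body = frame[ETH.size + EAPOL.size:ETH.size + EAPOL.size + length]
    if len(body) != length:
        raise ValueError("EAPOL body truncated")
    out = {"src": src.hex(":"), "version": version, "packet_type": packet_type}
    if packet_type == EAPOL_EAP_PACKET:
        out["eap"] = parse_eap(body)
    return out

def exchange(identity=b"axis-247s"):
    """The opening of a wired EAP-TLS authentication, decoded frame by frame."""
    camera, switch = bytes.fromhex("00408c000001"), bytes.fromhex("0004960000aa")   # constructed MACs
    frames = [
        build_eapol(EAPOL_START, src=camera),                                                     # supplicant wakes the port
        build_eapol(EAPOL_EAP_PACKET, build_eap(EAP_REQUEST, 1, EAP_TYPE_IDENTITY), src=switch),
        build_eapol(EAPOL_EAP_PACKET, build_eap(EAP_RESPONSE, 1, EAP_TYPE_IDENTITY, identity), src=camera),
        build_eapol(EAPOL_EAP_PACKET, build_eap(EAP_REQUEST, 2, EAP_TYPE_TLS, bytes([TLS_FLAG_START])), src=switch),
    ]
    return [parse_eapol(f) for f in frames]

if __name__ == "__main__":
    for decoded in exchange():
        print(decoded)
```

The `version` argument of `build_eapol` is the value the Axis settings page calls "EAPOL version" and has to agree with what the switch speaks. Note that the identity in frame three crosses the wire before any authentication has happened, so the EAP identity field should never carry anything secret; the certificates and the private key only ever travel inside the TLS handshake that the fourth frame opens. The parser raises on short or inconsistent frames rather than returning partial fields, which is the behaviour you want in anything that inspects 802.1X traffic on a switch port.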


dot1x can be set up on Server 2003. There are plenty of guides from Microsoft that instruct you how to do this.

Here is a quick find on Google.

http://secure.enterasys.com/support/manuals/Pol_Mgr1_8_1-web/docs/p_win2000_config.html

I've done it a few times here to provide authentication for my WAPs in our main and branch offices. I don't do this often enough to know right off the top of my head.
