Need some advice on learning networking
Re: Need some advice on learning networking
Get some factory training and take the certification test
it's embarrassing
Did you figure out how a paper tray works yet?
-
Re: Need some advice on learning networking
Great thanks for asking.
I generally don't comment in this thread but I saw where Butthead made his usual dumbass remarks. I don't understand how he feels he walks on water, a box of rocks is smarter than he is.
Sent from my SM-G960U using Tapatalk
-
Re: Need some advice on learning networking
Says the one who is afraid to put his location or name in his profile let alone even try to take the Cisco Certified Network Analyst course that Billy is taking. Far beyond anything CompTIA will ever teach you.
-
Re: Need some advice on learning networking
I think I am safe
-
Re: Need some advice on learning networking
Instead go back to your basics and spew hatred in non technical forum!
A tree is known by its fruit, a man by his deeds. A good deed is never lost, he who sows courtesy, reaps friendship, and he who plants kindness gathers love.
Blessed are they who can laugh at themselves, for they shall never cease to be amused.
-
Re: Need some advice on learning networking
thanks for the compliment
I think you have me confused with Billy
look at his latest thread or any of his Non technical posts.
-
Re: Need some advice on learning networking
My next project involves setting up a RADIUS server (some call it a triple A server) to authenticate wireless users. This will take the place of using a pre-shared key (WPA-PSK).
I've begun to research the steps involved. Most of the work involves configuring Windows Server 2019.
Here's a brief overview:
Introduction
To make wireless networks really secure you should use a RADIUS server to authenticate your users instead of using a pre-shared key. The RADIUS server will handle the authentication requests and uses EAP (Extensible Authentication Protocol) to communicate with users. There are many EAP types and the most popular ones are:
PEAP (Protected EAP)
EAP-TLS
PEAP is normally used to authenticate users by using a username and password. The RADIUS server will show a certificate to the users so that they can verify that they are talking to the correct RADIUS server. EAP-TLS is the most secure form of wireless authentication because it replaces the client username/password with a client certificate.
This lesson walks you through the installation and configuration of Windows Server 2008 using NPS (Network Policy Server) as the RADIUS server for a Cisco wireless LAN controller. We will configure the server so that it supports PEAP using MS-CHAPv2 for password authentication but we’ll also look at EAP-TLS which can be used to authenticate clients using certificates that we will generate on the server. In this lesson, we will configure the following components on the server:
Active Directory
DNS
Certificate Services
IIS
NPS
Active Directory (AD) is where we store all the user accounts, it’s the central database that we use for authentication. Whenever you install an AD you also require a DNS server. Certificate services will be used to install the server as a root CA so that we can generate a computer certificate that will be presented to wireless clients and to generate the client certificates for EAP-TLS.
IIS is the web server and we will use it so that EAP-TLS clients can easily request a certificate with their web browser for their wireless connection. Last but not least, NPS is the RADIUS server and that’s where we will configure some wireless policies.
I realized that many network engineers are comfortable configuring switches and wireless equipment but might be new to Windows Server 2008. This “how to” was written so anyone without “Windows Server” experience should be able to get the job done.
If you think about it, a radius server makes a lot of sense for a big company. If an employee quits or is fired, they still have the wireless password. It wouldn't make sense to change the password every time someone is fired or quits.
By default, when you use a radius server, everyone in Active Directory can log on to the wireless network. If you don't want everyone to have wireless access, you can create a "group" and grant very specific access.
When someone quits or is fired, you simply remove them from AD or the group that you created.
Last edited by BillyCarpenter; 12-17-2021, 08:24 AM.
Adversity temporarily visits a strong man but stays with the weak for a lifetime.
-
Re: Need some advice on learning networking
I think I mentioned that the layer 3 switch that I ordered from EBAY had a shipping delay. Turns out that it never arrived and I was issued a refund. I ended up ordering another one and it arrived about a week ago. Unfortunately, the console port is mini-usb and I don't have one. I placed it on order yesterday. I have to wait for it to arrive before I can fully implement the wireless configuration that I'm dying to do.
In the meantime, I continue to do my homework on the integration between Windows Radius Server and a Cisco Wireless LAN Controller.
This is a pretty involved process to set up. I found the documentation needed to do it but I anticipate some growing pains. We'll see....
I think the thing that I like most about this configuration is that we set up a few different SSIDs and each one is associated with a different VLAN on the wired network. At first, I was confused at how this works, but what happens is that when a user logs onto an SSID he's placed in the VLAN associated with the SSID and the WLC adds a VLAN tag to the data packet and it's sent over a trunk line to the switch where it's ultimately routed to the correct destination.
One last note: If a person is gonna do this for a living, you better come up with a good system for filing setup information because there's no way to remember all of it.
I've now reached a level of familiarity with Cisco routers and switches to where I'm comfortable setting up anything but there are instances where you have to configure a Server to make it work. That can be challenging.
Adversity temporarily visits a strong man but stays with the weak for a lifetime.
-
Re: Need some advice on learning networking
By default, when you use a radius server, everyone in Active Directory can log on to the wireless network. If you don't want everyone to have wireless access, you can create a "group" and grant very specific access.
When someone quits or is fired, you simply remove them from AD or the group that you created.
Sent from my BlackBerry using Tapatalk
-
Re: Need some advice on learning networking
I've only seen one instance of a security group used for Radius instead of just using the Users container. It was a larger customer that had a separate wireless network to allow wireless access to a separate VLAN containing all of their management interfaces (iDRAC and other web interfaces for equipment). Having any kind of central authentication mechanism makes everything so much cleaner.
Sent from my BlackBerry using Tapatalk
I'm learning just how powerful a radius server can be. You can use it to grant different levels of access to a switch, router, Access Points, or a Wireless Lan Controller...among other things.
You can use policies to grant or deny access and even control what vlan a wireless user is placed in. It's freakin' awesome.
I still have to set it up once my console cable arrives. My lack of experience with Windows Server is forcing me to do a lot of homework. I'm sure I'll have some questions for you when I set this up.
Adversity temporarily visits a strong man but stays with the weak for a lifetime.
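Added example, not part of the thread or of any vendor's code: how a RADIUS policy "controls what VLAN a wireless user is placed in" on the wire. The server's Access-Accept carries the RFC 2868 tunnel attributes (Tunnel-Type = VLAN, Tunnel-Medium-Type = 802, Tunnel-Private-Group-ID = the VLAN), and the controller only trusts them if the RFC 2865 Response Authenticator matches the shared secret. The secret, identifier and VLAN 20 are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2
TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PGID = 64, 65, 81  # RFC 2868 attribute types
VLAN, IEEE_802 = 13, 6                                # Tunnel-Type / Medium values

def response_auth(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code | ID | Length | RequestAuth | Attributes | Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_accept(ident, request_auth, secret, vlan_id):
    """Server side: Access-Accept carrying the three VLAN-assignment attributes."""
    group = str(vlan_id).encode()
    attrs = (struct.pack("!BBI", TUNNEL_TYPE, 6, VLAN)       # tag 0 + 3-byte value
             + struct.pack("!BBI", TUNNEL_MEDIUM, 6, IEEE_802)
             + struct.pack("!BB", TUNNEL_PGID, 2 + len(group)) + group)
    auth = response_auth(ACCESS_ACCEPT, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs)) + auth + attrs

def parse_accept(packet, request_auth, secret):
    """Controller side: return the VLAN name/ID, or None if the reply is rejected."""
    if len(packet) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length != len(packet):
        return None
    attrs = packet[20:]
    expected = response_auth(code, ident, attrs, request_auth, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return None                      # wrong shared secret or altered in transit
    found, i = {}, 0
    while i < len(attrs):                # walk the type-length-value attributes
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            return None
        found[attrs[i]] = attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
    if (int.from_bytes(found.get(TUNNEL_TYPE, b"")[1:], "big") != VLAN
            or int.from_bytes(found.get(TUNNEL_MEDIUM, b"")[1:], "big") != IEEE_802):
        return None                      # reply is not a VLAN assignment
    group = found.get(TUNNEL_PGID, b"")
    if group and group[0] <= 0x1F:       # optional leading tag byte
        group = group[1:]
    return group.decode() or None

SECRET = b"constructed-shared-secret"    # constructed sample values
REQUEST_AUTH = bytes(range(16))          # authenticator from the Access-Request
print(parse_accept(build_accept(7, REQUEST_AUTH, SECRET, 20), REQUEST_AUTH, SECRET))
```

A reply whose VLAN bytes are changed after the server signs it, or that was built with a different shared secret, fails the authenticator check and yields no VLAN.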