Home > Articles > Cisco Network Technology > Wireless/Optical/High Speed > Moving to WPA/WPA2-Enterprise Wi-Fi Encryption

Moving to WPA/WPA2-Enterprise Wi-Fi Encryption

Article Description

Wi-Fi networks in businesses (no matter how small) should be using the Enterprise mode of WPA or WPA2 encryption. Eric Geier, the author of Wi-Fi Hotspots: Setting Up Public Wireless Internet Access, shows you how to move from the Personal (PSK) mode to the Enterprise (RADIUS) mode.
Getting an Authentication Server

Getting an Authentication Server

There are a few routes you can go to get an 802.1X authentication server:

  • FreeRADIUS: This is one of the most popular AAA servers in the world. Though it's a free open source project, it's more for advanced IT personnel. It is available for many different platforms, including Linux, Mac OS X, and Windows. By default, you change the settings in configuration files.
  • Windows Server: If you already have a Windows Server set up, you can use the included Internet Authentication Service (IAS) in Windows Server 2003 or the Network Policy Server (NPS) in Windows Server 2008.
  • Outsourced Services: Hosted services, such as AuthenticateMyWiFi, are great for those who don't want to invest a lot of money or time setting up a RADIUS server, have multiple offices, or don't have the technical expertise. These services can also provide additional functionality over traditional RADIUS servers.
  • For instance, APs don't have to be Internet-facing; they can be behind NAT routers or gateways, giving you the ability to assign unique secrets to each AP. These services also come with web-based control panels, making it much easier to configure the authentication settings.

4. The Different Flavors of EAP | Next Section Previous Section