WPA-Enterprise for Small Businesses (Part 3)

By Eric Geier | Posted September 03, 2008

The first installment of this tutorial series introduced you to some ways in which you can implement WPA-Enterprise on your SOHO network. The second part covered the basics of setting up your own 802.1x RADIUS server. This third installment will continue by walking you through installing and configuring the Elektron RADIUS server. We’ve chosen this server software due to its relatively low cost ($750) and its user-friendly interface that’s quite easy to understand. The cost of other enterprise servers can be in the thousands of dollars and require a great deal of expertise, so this affordable, easy-to-use option is an excellent choice for small business owners working with a limited IT budget.

Downloading the Elektron RADIUS Server

Figure 1: Elektron Settings

The first step is to visit the Periodik Labs Web site and download the software. You can take advantage of the 30-day fully functional trial before you have to purchase and enter a valid serial number. This gives you time to figure out if you really want to invest the money for the server, or if you want to compare with other servers or services.

Installing Elektron and Configuring the Digital Certificate

 

After the main installation of Elektron, another wizard will open to help you perform the digital certificate configuration of the server. When you get to the digital certificate setup step, you’ll probably want to create a new certificate hierarchy if you haven’t already purchased a digital certificate. For the server name, you can really just make something up; for example, you can enter WPA.yourdomainname.com or even just your name if you don’t have a Web site. The server name, location, and other identification information you enter are used to create the certificate and will be visible when viewing the digital certificate file later.

Figure 2: Authentication Domain

 

Creating a self-signed certificate using the wizard is fine for most small business and home deployments. For maximum security and ease when configuring your computers, however, you can consider purchasing a certificate designed for WLAN authentication and signed by a trusted authority, such as Verisign. Then you would import the certificate file into the Elektron program. If you go this route, then instead of manually installing the self-signed certificate file you created with the wizard on all your wireless computers, your computers can validate the server’s identity using a trusted certificate authority (CA) that’s already preloaded in Windows.
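The trust relationship described above, as an added example that is not part of the original article and does not reproduce what the Elektron wizard does internally: a POSIX shell sketch that uses the OpenSSL command line to build a private root CA and a server certificate, then checks which clients would accept it. The function names, directory layout and CA labels are assumptions; only the server name WPA.yourdomainname.com comes from the article.

```shell
#!/bin/sh
# Added example: a private certificate hierarchy built with OpenSSL.
# Function names, paths and CA labels are constructed for illustration.

make_hierarchy() {  # $1 = output directory, $2 = label for the root CA
    d=$1
    mkdir -p "$d"
    cat > "$d/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
EOF
    # Self-signed root: this is the file every wireless client must trust.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -config "$d/openssl.cnf" -extensions v3_ca -subj "/CN=$2 Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # Server key and signing request carrying the RADIUS server's name.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/openssl.cnf" \
        -subj "/CN=WPA.yourdomainname.com" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    # The root signs the server certificate, marked for server authentication.
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 365 -extfile "$d/openssl.cnf" \
        -extensions v3_server -out "$d/server.pem" 2>/dev/null || return 1
}

client_accepts() {  # $1 = CA file the client trusts, $2 = server certificate
    # Match on the ": OK" line so the result does not depend on exit codes.
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

cert_names() {  # $1 = certificate; prints the identification fields it carries
    openssl x509 -in "$1" -noout -subject -issuer
}
```

A client that trusts only some other CA rejects the server certificate, which is why the self-signed root has to be installed on every wireless computer.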

 

Now you can access the server administration program, named Elektron Settings (Figure 1), from the new Elektron Start menu entry.

Setting Up an Authentication Domain

You need to tell the server in which database to look up the account credentials when clients try to connect/authenticate to your wireless network. In the Elektron Settings program, under the Authentication section on the left menu, select the Authentication Domains entry. Then double-click the Default Authentication Domain entry. You’ll see a dialog box (Figure 2) where you can select the database where you have your account list stored.

If you don’t already have an account database, you can opt to authenticate using Elektron Accounts. Then you can add users to the built-in database, as discussed in the next section. If you have a larger and more complex network, you can set up multiple Authentication Domains. For example, clients belonging to Domain A are authenticated against the Active Directory and Domain B clients against the Elektron Accounts—or whatever suits your needs.


